Fortinet FortiOS 4.3.x < 4.3.19 TLS and IPSEC Information Disclosure
Low Nessus Plugin ID 95440
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote FortiGate device is running a version of FortiOS that is 4.3.x prior to 4.3.19. It is, therefore, affected by a flaw due to the implementation of the ANSI X9.31 RNG that is used to decrypt TLS and IPSec traffic. A man-in-the-middle (MitM) attacker can exploit this to disclose sensitive information.
Solution
Upgrade to Fortinet FortiOS version 4.3.19 / 5.0 or later.