CVE-2012-4948 - Vulnerability Details

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortigate-1000c Fortigate-100d Fortigate-110c Fortigate-1240b Fortigate-200b Fortigate-20c Fortigate-300c Fortigate-3040b Fortigate-310b Fortigate-311b Fortigate-3140b Fortigate-3240c Fortigate-3810a Fortigate-3950b Fortigate-40c Fortigate-5001a-sw Fortigate-5001b Fortigate-5020 Fortigate-5060 Fortigate-50b Fortigate-5101c Fortigate-5140b Fortigate-600c Fortigate-60c Fortigate-620b Fortigate-800c Fortigate-80c Fortigate-voice-80c Fortigaterugged-100c

Configuration 1 [-]

OR	cpe:2.3:h:fortinet:fortigate-1000c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-100d:-:::::::*
	cpe:2.3:h:fortinet:fortigate-110c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-1240b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-200b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-20c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-300c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-3040b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-310b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-311b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-3140b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-3240c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-3810a:-:::::::*
	cpe:2.3:h:fortinet:fortigate-3950b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-40c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5001a-sw:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5001b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5020:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5060:-:::::::*
	cpe:2.3:h:fortinet:fortigate-50b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5101c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-5140b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-600c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-60c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-620b:-:::::::*
	cpe:2.3:h:fortinet:fortigate-800c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-80c:-:::::::*
	cpe:2.3:h:fortinet:fortigate-voice-80c:-:::::::*
	cpe:2.3:h:fortinet:fortigaterugged-100c:-:::::::*

No data.

References

Link	Providers
http://osvdb.org/87048
http://www.kb.cert.org/vuls/id/111708
http://www.securityfocus.com/bid/56382

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-11-14T11:00:00

Updated: 2024-08-06T20:50:18.189Z

Reserved: 2012-09-17T00:00:00

Link: CVE-2012-4948

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-11-14T12:30:59.507

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4948

Redhat

No data.

Metrics

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object