CVE-2015-2323 - Unsanctified Concert
Description
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
Reference
http://www.fortiguard.com/advisory/FG-IR-15-021/
http://www.securitytracker.com/id/1033092
http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers