Summary
Multiple Vulnerabilities in OpenSSL
Impact
CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL-encrypted communications.
CVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.
CVE-2014-0195 may allow an attacker to cause a buffer overrun by sending invalid DTLS fragments to an OpenSSL DTLS client or server.
CVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions when SSL_MODE_RELEASE_BUFFERS is enabled.
CVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue does not affect Fortinet products.
CVE-2014-0076 can be used to recover ECDSA nonces on multi-user systems by exploiting timing attacks against the CPU L3 cache. This does not apply to Fortinet products.
Solution
Upgrade to FortiAnalyzer 5.2.0/5.0.7 (build 321) or higher.
Affected
FortiAnalyzer < 5.2.0/5.0.7
Detection
Check the version
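One way to automate the "check the version" step against the fixed releases named in this advisory, as an added example that is not part of the advisory or of Fortinet's tooling; the version-string format it parses and the conservative treatment of 5.1.x and of an unknown build number as affected are assumptions:

```python
# Added example (not from the advisory or Fortinet): decide whether a
# FortiAnalyzer version string falls in the affected range
# "< 5.2.0/5.0.7 (build 321)". The accepted formats ("5.0.6",
# "5.0.7 build 321", "v5.2.1,build0412") are an assumption.
import re
from typing import Optional, Tuple

# Fixed releases per the advisory: the 5.0 branch is fixed in 5.0.7
# build 321, the 5.2 branch from 5.2.0. The build number only matters
# at the 5.0.7 boundary.
FIXED_5_0 = ((5, 0, 7), 321)
FIXED_5_2 = (5, 2, 0)

_VER_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[ ,]*build\s*0*(\d+))?", re.I)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], Optional[int]]:
    """Extract (major, minor, patch) and an optional build number."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    triple = tuple(int(x) for x in m.group(1, 2, 3))
    build = int(m.group(4)) if m.group(4) else None
    return triple, build


def is_affected(text: str) -> bool:
    """True if the version is below the fixed release for its branch."""
    triple, build = parse_version(text)
    if triple >= FIXED_5_2:
        return False  # 5.2.0 or later: fixed
    if triple > FIXED_5_0[0]:
        return True   # e.g. 5.1.x: below 5.2.0 and not a 5.0.7 release (assumed affected)
    if triple < FIXED_5_0[0]:
        return True   # 5.0.6 and earlier (and anything older)
    # Exactly 5.0.7: fixed only from build 321; an unknown build is treated as affected.
    return build is None or build < FIXED_5_0[1]
```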
References
Updated on 2015-03-25
Severity
Classification: -
CVE: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224
CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)