CVE-2012-4948 Information

Description

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers’ installations which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

Reference

http://osvdb.org/87048 http://www.kb.cert.org/vuls/id/111708 http://www.securityfocus.com/bid/56382