CVE-2015-2323 Information

Description

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous export RC4 and possibly other weak ciphers when using TLS to connect to FortiGuard servers which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

Reference

http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers http://www.fortiguard.com/advisory/FG-IR-15-021/ http://www.securitytracker.com/id/1033092