FortiOS supports weak cipher suites when connecting to FortiGuard servers
Description
When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below supports multiple weak ciphers, including anonymous, export and RC4.
Although FortiGuard servers themselves offer only strong ciphers in return, an attacker in a "Man in the Middle" position may leverage FortiOS' acceptance of weak ciphers to decipher and tamper with the TLS connection.
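To audit what a client offers, the Python below parses a raw TLS ClientHello record and flags anonymous, export and RC4 suites. It is an added example, not part of the original advisory or any Fortinet code. The sample ClientHello is constructed for illustration rather than captured from FortiOS, and the suite table is a small subset of the IANA registry.

```python
import struct

# Small subset of the IANA TLS cipher suite registry, enough for the sample.
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Weak classes named in the advisory, matched on the IANA suite name.
WEAK_MARKERS = {"anon": "_anon_", "export": "_EXPORT_", "rc4": "_RC4_"}

def offered_suites(record):
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32        # record header, handshake header, version, random
    pos += 1 + record[pos]      # skip the session_id vector
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (size,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if size % 2 or pos + size > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, size, 2)]

def weak_offers(record):
    """Map each weak suite offered by the client to the weak classes it falls in."""
    findings = {}
    for suite_id in offered_suites(record):
        name = SUITES.get(suite_id, "")  # IDs outside the subset are not classified
        tags = sorted(tag for tag, marker in WEAK_MARKERS.items() if marker in name)
        if tags:
            findings[name] = tags
    return findings

def build_sample_hello(suite_ids):
    """Constructed TLS 1.0 ClientHello (zero random, no extensions) for the demo."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

SAMPLE = build_sample_hello([0xC02F, 0x002F, 0x0005, 0x0003, 0x0018, 0x0034])
if __name__ == "__main__":
    for name, tags in weak_offers(SAMPLE).items():
        print(f"{name}: {', '.join(tags)}")
```

A client whose ClientHello yields an empty result for the full registry cannot be pushed onto these suites by a man in the middle, regardless of what the server side supports.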
Affected Products
FortiOS 5.2.0 to 5.2.3
FortiOS 5.0.0 to 5.0.11