OpenSSL CVE-2014-3511 Vulnerability

Description

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014. The fix was developed by David Benjamin.
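The following is an added detection example, not code from the advisory or from OpenSSL: given a captured byte stream of TLS records, it reassembles the handshake, notes whether the ClientHello was split across more than one record, and flags the session when the ServerHello then selected a lower protocol version than the client offered, which is the outcome described above. The record and handshake layouts follow RFC 5246; the sample bytes are constructed for the test and are not a real capture.

```python
import struct

HANDSHAKE = 0x16                 # TLS record content type for handshake
CLIENT_HELLO, SERVER_HELLO = 1, 2  # handshake message types

def split_records(data):
    """Yield (content_type, record_version, payload) for each TLS record."""
    pos = 0
    while pos + 5 <= len(data):
        ctype, ver, length = struct.unpack("!BHH", data[pos:pos + 5])
        yield ctype, ver, data[pos + 5:pos + 5 + length]
        pos += 5 + length

def handshake_versions(data):
    """Return (client_version, server_version, records_spanned_by_client_hello)."""
    buf, records = b"", 0
    client_version = server_version = None
    for ctype, _ver, payload in split_records(data):
        if ctype != HANDSHAKE:
            continue
        buf += payload
        if client_version is None:       # still collecting the ClientHello
            records += 1
        while len(buf) >= 4:             # 1-byte type + 3-byte length header
            msg_type = buf[0]
            msg_len = int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + msg_len:
                break                    # message continues in the next record
            body = buf[4:4 + msg_len]
            if msg_type == CLIENT_HELLO:
                client_version = struct.unpack("!H", body[:2])[0]
            elif msg_type == SERVER_HELLO:
                server_version = struct.unpack("!H", body[:2])[0]
            buf = buf[4 + msg_len:]
    return client_version, server_version, records

def suspicious_downgrade(data):
    """True when a fragmented ClientHello was answered with a lower version."""
    cv, sv, n = handshake_versions(data)
    return cv is not None and sv is not None and n > 1 and sv < cv

# Constructed sample data (hypothetical, minimal hello bodies: version + 32-byte random).
def handshake_msg(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def record(payload, version=0x0301):
    return struct.pack("!BHH", HANDSHAKE, version, len(payload)) + payload

CLIENT_HELLO_TLS12 = handshake_msg(CLIENT_HELLO, b"\x03\x03" + bytes(32))
FRAGMENTED = (record(CLIENT_HELLO_TLS12[:3]) + record(CLIENT_HELLO_TLS12[3:])
              + record(handshake_msg(SERVER_HELLO, b"\x03\x01" + bytes(32))))
INTACT = record(CLIENT_HELLO_TLS12) + record(handshake_msg(SERVER_HELLO, b"\x03\x03" + bytes(32)))
```

A server patched to 1.0.1i should never produce the flagged pattern for a client that offers TLS 1.1 or 1.2, so a hit on a still-unpatched 1.0.1 server is worth investigating.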

Affected Applications

OpenSSL

CVE References

CVE-2014-3511