FortiOS supports weak ciphers suites when connecting to Fortiguard servers Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-15-021 Final 1 1 2015-07-24T00:00:00 Current version 2015-07-24T00:00:00 2015-07-24T00:00:00 When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below is supporting multiple weak ciphers including anonymous, export and RC4. Although FortiGuard servers are actually offering back strong ciphers only, an attacker in a "Man in the Middle" position may leverage FortiOS' acceptance of weak ciphers to decipher and tamper with the TLS connection. MitM that could lead to traffic alteration or decryption FortiOS 5.2.0 to 5.2.3FortiOS 5.0.0 to 5.0.11 FortiOS (including with FIPS-CC licenses) must be upgraded to 5.0.12 or 5.2.4. Thanks to the Citrix Security Team. CVE-2015-2323 https://fortiguard.fortinet.com/psirt/FG-IR-15-021 FortiOS supports weak ciphers suites when connecting to Fortiguard servers Reference>