FortiGate Vulnerabilities in FortiManager Service
A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol service in FortiOS version 5.0.0 to 5.0.7 and FortiOS version 4.3.15 and lower. Code execution has not been demonstrated, but may be possible under certain conditions. (CVE-2014-0352)
In addition, an attacker in a privileged network position may be able to perform a man-in-the-middle attack on FortiManager protocol communications through the use of an anonymous cipher suite. (CVE-2014-0351)
2014-08-19, Version 1: Initial Advisory for CVE-2014-2216.
2014-09-08, Version 2: Added CVE-2014-0351. CVE-2014-2216 has been renumbered to CVE-2014-0352 to match CERT-CC advisory.
Denial of Service
FortiOS 5.0.0 to 5.0.7, FortiOS 4.3.15 and lower.
Upgrade to FortiOS 4.3.16, 5.0.8, or 5.2.0.
These vulnerabilities can also be mitigated by disabling FGFM-Access on the interface, or blocking traffic for TCP port 541 with a local-in policy.
Gregor Kopf (Recurity Labs)