High severity7.4NVD Advisory· Published Feb 13, 2017· Updated Jun 17, 2026
CVE-2016-8495
CVE-2016-8495
Description
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
Affected products
20cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*
- (no CPE)range: 5.0.6 - 5.2.7, 5.4.0 - 5.4.1
- (no CPE)range: 5.0.6 to 5.2.7
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/96157nvdThird Party AdvisoryVDB Entry
- fortiguard.com/advisory/FG-IR-16-055nvdVendor Advisory
- www.securitytracker.com/id/1037805nvd
News mentions
0No linked articles in our index yet.