Multiple Vulnerabilities in OpenSSL
CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted communications. CVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake. CVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server. CVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS is enabled. CVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue does not affect Fortinet products. CVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. This does not apply to Fortinet products.
Upgrade to FortiGate 4.3.16 (build 686),5.2.0 (build 589),5.0.8 (build 291) or higher.
FortiGate < 4.3.16 (build 686),5.2.0 (build 589),5.0.8 (build 291)
Check the version
Updated on 2015-03-25