CVE-2012-4948

CVE Database · CVE-2012-4948

CVE-2012-4948

· N/AModified

CVSS v3.1

N/A

EPSS

0.34%

Published

Nov 14, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

Weaknesses (CWE)

CWE-295

Affected Products (29)

fortinet · fortigate-1000cvulnerable

fortinet · fortigate-100dvulnerable

fortinet · fortigate-110cvulnerable

fortinet · fortigate-1240bvulnerable

fortinet · fortigate-200bvulnerable

fortinet · fortigate-20cvulnerable

fortinet · fortigate-300cvulnerable

fortinet · fortigate-3040bvulnerable

fortinet · fortigate-310bvulnerable