FortiOS supports weak ciphers suites when connecting to Fortiguard servers
Description
When connecting to a FortiGuard server via TLS, FortiOS 5.2.3/5.0.11 and below is supporting multiple weak ciphers including anonymous, export and RC4.Although FortiGuard servers are actually offering back strong ciphers only, an attacker in a "Man in the Middle" position may leverage FortiOS' acceptance of weak ciphers to decipher and tamper with the TLS connection.
Affected Products
FortiOS 5.2.0 to 5.2.3FortiOS 5.0.0 to 5.0.11