CVE-2019-5592

Published: Aug 23, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

Affected (4)

Products: Fortinet: Fortios Ips Engine

Fortinet

1 product

Fortios Ips Engine

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios Ips Engine	Up to 3.00547
Fortinet Fortios Ips Engine	From 4.00000 to 4.00036
Fortinet Fortios Ips Engine	From 4.00200 to 4.00219
Fortinet Fortios Ips Engine	From 5.00000 to 5.00006

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://fortiguard.com/advisory/FG-IR-19-145

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-19-145

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.