CVE-2019-5592


Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine versions 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, and 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate by monitoring the traffic from a man-in-the-middle position.


Published

2019-08-23T20:15:10.347

Last Modified

2024-11-21T04:45:11.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-347

Affected Vendors & Products
Type         Vendor    Product             Version/Range  Vulnerable?
Application  fortinet  fortios_ips_engine  ≤ 3.00547      Yes
Application  fortinet  fortios_ips_engine  ≤ 4.00036      Yes
Application  fortinet  fortios_ips_engine  ≤ 4.00219      Yes
Application  fortinet  fortios_ips_engine  ≤ 5.00006      Yes
