CVE-2015-5965

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 4.3.13

Description The issue is related to the SSL-VPN feature, which only checks the first byte of the TLS MAC in finished messages. This makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. The vulnerability is caused by errors in processing input data, allowing a remote attacker to substitute encrypted traffic with a specially formed MAC.

Recommendations For versions prior to 4.3.13, update to version 4.3.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL-VPN feature until a patch is available. Avoid using the SSL-VPN feature in sensitive environments until the issue is resolved.