PT-2015-3365 · Fortinet · Fortios

Published

2015-07-15

Updated

2016-12-24

CVE-2015-5965

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 4.3.13

Description The issue is related to the SSL-VPN feature, which only checks the first byte of the TLS MAC in finished messages. This makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. The vulnerability is caused by errors in processing input data, allowing a remote attacker to substitute encrypted traffic with a specially formed MAC.

Recommendations For versions prior to 4.3.13, update to version 4.3.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL-VPN feature until a patch is available. Avoid using the SSL-VPN feature in sensitive environments until the issue is resolved.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-310

Related Identifiers

BDU:2018-01294

CVE-2015-5965

Affected Products

Fortios

PT-2015-3365 · Fortinet · Fortios

CVE-2015-5965

Weakness Enumeration

Related Identifiers

Affected Products

References · 9