PT-2019-4649 · Fortinet · Fortigate+1

Published 2019-10-18 · Updated 2022-03-31 · CVE-2019-15703

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.2.1, 6.2.0, 6.0.8 and below

Description

The issue is related to insufficient entropy in the PRNG, which an attacker can exploit, with the help of Flush+Reload side-channel attacks, to recover the long-term ECDSA secret in a TLS client that uses an RSA handshake and mutual ECDSA authentication. This can potentially allow an attacker to gain unauthorized access to protected information when FortiOS acts as a TLS client. The problem is specifically noted in FortiGate VM models that do not have a hardware TRNG token and in models that do not support a built-in TRNG seed.

Recommendations

For FortiOS versions 6.2.1, 6.2.0, 6.0.8 and below, consider disabling the TLS client functionality with RSA handshake and mutual ECDSA authentication until a patch is available. Restrict access to the software CTR DRBG random data generator to minimize the risk of exploitation. Avoid using FortiGate VM models without a hardware TRNG token or built-in TRNG seed for TLS connections that require high security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-00816
CVE-2019-15703

Affected Products

FortiGate
FortiOS