5.9

CVE-2019-5592

EPSS 0.12%
Veröffentlicht 23.08.2019 20:15:10
Zuletzt bearbeitet 21.11.2024 04:45:11
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortios Ips Engine Version <= 3.00547

Fortinet ≫ Fortios Ips Engine Version >= 4.00000 <= 4.00036

Fortinet ≫ Fortios Ips Engine Version >= 4.00200 <= 4.00219

Fortinet ≫ Fortios Ips Engine Version >= 5.00000 <= 5.00006

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://fortiguard.com/advisory/FG-IR-19-145

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5592

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5592

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5592

EUVD