CVE-2015-5965

MEDIUM

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.

Score CVSS v2.0

5.0

/ 10.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Informations

Publié: 11 août 2015
Mis à jour: 12 avr. 2025
Statut: Deferred
Source: cve@mitre.org

Produits affectés

fortinet fortiosToutes les CVE Fortinet FortiOS →

Versions : 4.3.12

Faiblesses (CWE)

CWE-20

Références (10)

http://www.fortiguard.com/advisory/FG-IR-15-016/
Vendor Advisory
http://www.securityfocus.com/bid/76065
http://www.securitytracker.com/id/1033256
https://security.gentoo.org/glsa/201508-01
https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
http://www.fortiguard.com/advisory/FG-IR-15-016/
Vendor Advisory
http://www.securityfocus.com/bid/76065
http://www.securitytracker.com/id/1033256
https://security.gentoo.org/glsa/201508-01
https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends

CVEs similaires

Autres vulnérabilités de type CWE-20

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance