The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.
References
Configurations
History
21 Nov 2024, 02:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.fortiguard.com/advisory/FG-IR-15-016/ - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/76065 - | |
References | () http://www.securitytracker.com/id/1033256 - | |
References | () https://security.gentoo.org/glsa/201508-01 - | |
References | () https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends - |
Information
Published : 2015-08-11 14:59
Updated : 2024-11-21 02:34
NVD link : CVE-2015-5965
Mitre link : CVE-2015-5965
CVE.ORG link : CVE-2015-5965
JSON object : View
Products Affected
fortinet
- fortios
CWE
CWE-20
Improper Input Validation