CVE-2019-5592

CVE Database · CVE-2019-5592

CVE-2019-5592

· MEDIUMModified

CVSS v3.1

5.9

EPSS

0.71%

Published

Aug 23, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-347

Affected Products (4)

fortinet · fortios_ips_enginevulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-19-145

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-19-145

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs