cvelistv5 - cve-2019-5592

CVE-2019-5592 (GCVE-0-2019-5592)

Vulnerability from cvelistv5 – Published: 2019-08-23 19:52 – Updated: 2024-10-25 14:05

Summary

Severity ?

No CVSS data available.

CWE

Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-19-145

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Fortinet IPS Engine	Affected: IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-19-145"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-5592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:59:49.317412Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:05:55.461Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet IPS Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T19:52:17",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-19-145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-5592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet IPS Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-145",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-19-145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-5592",
    "datePublished": "2019-08-23T19:52:17",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-10-25T14:05:55.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.00547\", \"matchCriteriaId\": \"830DC4A3-9C25-4314-9F20-BB6075605D69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.00000\", \"versionEndIncluding\": \"4.00036\", \"matchCriteriaId\": \"4FB91C93-AFCA-4385-8999-71CB5BC1E6AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.00200\", \"versionEndIncluding\": \"4.00219\", \"matchCriteriaId\": \"52FCCBD8-CD08-4C75-8029-740B1C452066\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.00000\", \"versionEndIncluding\": \"5.00006\", \"matchCriteriaId\": \"E01C21FE-03D3-4374-8017-7CA189E3ED5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de relleno de Oracle (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) en la implementaci\\u00f3n de relleno CBC de FortiOS IPS motor versi\\u00f3n 5.000 a 5.006, 4.000 a 4.036, 4.200 a 4.219, 3.547 y menores, cuando se configura con pol\\u00edticas de inspecci\\u00f3n profunda SSL y con el sensor IPS habilitado puede permitir que un atacante descifre las conexiones TLS que atraviesan el FortiGate a trav\\u00e9s del monitoreo del tr\\u00e1fico en una posici\\u00f3n de hombre en el medio.\"}]",
      "id": "CVE-2019-5592",
      "lastModified": "2024-11-21T04:45:11.663",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-23T20:15:10.347",
      "references": "[{\"url\": \"https://fortiguard.com/advisory/FG-IR-19-145\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-19-145\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-347\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5592\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2019-08-23T20:15:10.347\",\"lastModified\":\"2024-11-21T04:45:11.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de relleno de Oracle (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) en la implementaci\u00f3n de relleno CBC de FortiOS IPS motor versi\u00f3n 5.000 a 5.006, 4.000 a 4.036, 4.200 a 4.219, 3.547 y menores, cuando se configura con pol\u00edticas de inspecci\u00f3n profunda SSL y con el sensor IPS habilitado puede permitir que un atacante descifre las conexiones TLS que atraviesan el FortiGate a trav\u00e9s del monitoreo del tr\u00e1fico en una posici\u00f3n de hombre en el medio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.00547\",\"matchCriteriaId\":\"830DC4A3-9C25-4314-9F20-BB6075605D69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.00000\",\"versionEndIncluding\":\"4.00036\",\"matchCriteriaId\":\"4FB91C93-AFCA-4385-8999-71CB5BC1E6AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.00200\",\"versionEndIncluding\":\"4.00219\",\"matchCriteriaId\":\"52FCCBD8-CD08-4C75-8029-740B1C452066\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.00000\",\"versionEndIncluding\":\"5.00006\",\"matchCriteriaId\":\"E01C21FE-03D3-4374-8017-7CA189E3ED5A\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-145\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Fortinet IPS Engine\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Information disclosure\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2019-08-23T19:52:17\", \"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://fortiguard.com/advisory/FG-IR-19-145\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@fortinet.com\", \"ID\": \"CVE-2019-5592\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Fortinet IPS Engine\", \"version\": {\"version_data\": [{\"version_value\": \"IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information disclosure\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://fortiguard.com/advisory/FG-IR-19-145\", \"refsource\": \"CONFIRM\", \"url\": \"https://fortiguard.com/advisory/FG-IR-19-145\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T20:01:51.757Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://fortiguard.com/advisory/FG-IR-19-145\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-5592\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T13:59:49.317412Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:01:03.880Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"assignerShortName\": \"fortinet\", \"cveId\": \"CVE-2019-5592\", \"datePublished\": \"2019-08-23T19:52:17\", \"dateReserved\": \"2019-01-07T00:00:00\", \"dateUpdated\": \"2024-10-25T14:05:55.461Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2019-5592

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5592

Aliases

CVE-2019-5592

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5592",
    "description": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.",
    "id": "GSD-2019-5592"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5592"
      ],
      "details": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.",
      "id": "GSD-2019-5592",
      "modified": "2023-12-13T01:23:54.811005Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2019-5592",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet IPS Engine",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-19-145",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-19-145"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00547",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00036",
                "versionStartIncluding": "4.00000",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00219",
                "versionStartIncluding": "4.00200",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.00006",
                "versionStartIncluding": "5.00000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-5592"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-145",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-145"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-08-23T20:15Z"
    }
  }
}

VAR-201908-0098

Vulnerability from variot - Updated: 2023-12-18 13:52

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. FortiOS IPS engine Contains an information disclosure vulnerability.Information may be obtained. FortiOS IPS engine is prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0098",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios ips engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.00000"
      },
      {
        "model": "fortios ips engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.00036"
      },
      {
        "model": "fortios ips engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.00200"
      },
      {
        "model": "fortios ips engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.00219"
      },
      {
        "model": "fortios ips engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.00006"
      },
      {
        "model": "fortios ips engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.00000"
      },
      {
        "model": "fortios ips engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.00547"
      },
      {
        "model": "fortios ips engine",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "3.547"
      },
      {
        "model": "fortios ips engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.000 to  4.036"
      },
      {
        "model": "fortios ips engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.200 to  4.219"
      },
      {
        "model": "fortios ips engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.000 to  5.006"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.00200"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.00006"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.00000"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.00219"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.00036"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.00000"
      },
      {
        "model": "ips engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.00547"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00547",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00036",
                "versionStartIncluding": "4.00000",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.00219",
                "versionStartIncluding": "4.00200",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.00006",
                "versionStartIncluding": "5.00000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "109337"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-5592",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-5592",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-157027",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-5592",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-5592",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1256",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157027",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. FortiOS IPS engine Contains an information disclosure vulnerability.Information may be obtained. FortiOS IPS engine is prone to an information-disclosure  vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "BID",
        "id": "109337"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5592",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "109337",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2765",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2765.2",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157027",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "db": "BID",
        "id": "109337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "id": "VAR-201908-0098",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:52:15.642000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-145",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-19-145"
      },
      {
        "title": "Fortinet FortiOS IPS engine Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95423"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-347",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-19-145"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5592"
      },
      {
        "trust": 0.9,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-19-145"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5592"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-on-ips-engine-information-disclosure-via-ssl-deep-inspection-padding-oracle-29861"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/109337"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2765/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2765.2/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "db": "BID",
        "id": "109337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "db": "BID",
        "id": "109337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "BID",
        "id": "109337"
      },
      {
        "date": "2019-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "date": "2019-08-23T20:15:10.347000",
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157027"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "BID",
        "id": "109337"
      },
      {
        "date": "2019-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-5592"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiOS IPS engine Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008576"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1256"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2019-AVI-357

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	IPSEngine versions antérieures à 3.00548 sur FortiOS versions 5.6 et antérieures
Fortinet	FortiOS	IPSEngine versions antérieures à 5.00007 sur FortiOS 6.2
Fortinet	FortiOS	IPSEngine versions antérieures à 4.00037 sur FortiOS 6.0

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-145 du 23 juillet 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 3.00548 sur FortiOS versions 5.6 et ant\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 5.00007 sur FortiOS 6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 4.00037 sur FortiOS 6.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5592"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-357",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiOS. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-145 du 23 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-145"
    }
  ]
}

CERTFR-2019-AVI-357

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	IPSEngine versions antérieures à 3.00548 sur FortiOS versions 5.6 et antérieures
Fortinet	FortiOS	IPSEngine versions antérieures à 5.00007 sur FortiOS 6.2
Fortinet	FortiOS	IPSEngine versions antérieures à 4.00037 sur FortiOS 6.0

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-145 du 23 juillet 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 3.00548 sur FortiOS versions 5.6 et ant\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 5.00007 sur FortiOS 6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "IPSEngine versions ant\u00e9rieures \u00e0 4.00037 sur FortiOS 6.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5592"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-357",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiOS. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-145 du 23 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-145"
    }
  ]
}

GHSA-3XMC-3R4G-3QF4

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:47

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-23T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.",
  "id": "GHSA-3xmc-3r4g-3qf4",
  "modified": "2024-04-04T01:47:09Z",
  "published": "2022-05-24T16:54:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5592"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-19-145"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-5592

Vulnerability from fkie_nvd - Published: 2019-08-23 20:15 - Updated: 2024-11-21 04:45

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-19-145	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-19-145	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios_ips_engine	*
fortinet	fortios_ips_engine	*
fortinet	fortios_ips_engine	*
fortinet	fortios_ips_engine	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "830DC4A3-9C25-4314-9F20-BB6075605D69",
              "versionEndIncluding": "3.00547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB91C93-AFCA-4385-8999-71CB5BC1E6AA",
              "versionEndIncluding": "4.00036",
              "versionStartIncluding": "4.00000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52FCCBD8-CD08-4C75-8029-740B1C452066",
              "versionEndIncluding": "4.00219",
              "versionStartIncluding": "4.00200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01C21FE-03D3-4374-8017-7CA189E3ED5A",
              "versionEndIncluding": "5.00006",
              "versionStartIncluding": "5.00000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de relleno de Oracle (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) en la implementaci\u00f3n de relleno CBC de FortiOS IPS motor versi\u00f3n 5.000 a 5.006, 4.000 a 4.036, 4.200 a 4.219, 3.547 y menores, cuando se configura con pol\u00edticas de inspecci\u00f3n profunda SSL y con el sensor IPS habilitado puede permitir que un atacante descifre las conexiones TLS que atraviesan el FortiGate a trav\u00e9s del monitoreo del tr\u00e1fico en una posici\u00f3n de hombre en el medio."
    }
  ],
  "id": "CVE-2019-5592",
  "lastModified": "2024-11-21T04:45:11.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-23T20:15:10.347",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-145"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5592 (GCVE-0-2019-5592)

GSD-2019-5592

VAR-201908-0098

CERTFR-2019-AVI-357

Solution

CERTFR-2019-AVI-357

Solution

GHSA-3XMC-3R4G-3QF4

FKIE_CVE-2019-5592

Tags

Sightings

Nomenclature