CVE-2019-5592
Summary
| CVE | CVE-2019-5592 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-08-23 20:15:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fortinet | FortiOS IPS Engine | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| FortiGuard | CONFIRM | fortiguard.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.