CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.2%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

Products affected by CVE-2019-5592

Fortinet » Fortios Ips Engine » Version: N/A

cpe:2.3:a:fortinet:fortios_ips_engine:-
Fortinet » Fortios Ips Engine » Version: 3.00547

cpe:2.3:a:fortinet:fortios_ips_engine:3.00547
Fortinet » Fortios Ips Engine » Version: 4.00000

cpe:2.3:a:fortinet:fortios_ips_engine:4.00000
Fortinet » Fortios Ips Engine » Version: 4.00036

cpe:2.3:a:fortinet:fortios_ips_engine:4.00036
Fortinet » Fortios Ips Engine » Version: 4.00200

cpe:2.3:a:fortinet:fortios_ips_engine:4.00200
Fortinet » Fortios Ips Engine » Version: 4.00219

cpe:2.3:a:fortinet:fortios_ips_engine:4.00219
Fortinet » Fortios Ips Engine » Version: 5.00000

cpe:2.3:a:fortinet:fortios_ips_engine:5.00000
Fortinet » Fortios Ips Engine » Version: 5.00006

cpe:2.3:a:fortinet:fortios_ips_engine:5.00006

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5592

Products

Pricing

Contact Us