CVE-2015-5965
N/A
N/A
Summary
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/76065
- http://www.fortiguard.com/advisory/FG-IR-15-016/
- http://www.securitytracker.com/id/1033256
- https://security.gentoo.org/glsa/201508-01
- https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
References
- http://www.securityfocus.com/bid/76065
- http://www.fortiguard.com/advisory/FG-IR-15-016/
- http://www.securitytracker.com/id/1033256
- https://security.gentoo.org/glsa/201508-01
- https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.