Fortinet FortiOS < 4.3.13 SSL-VPN TLS MAC Spoofing

medium Nessus Plugin ID 85806

Synopsis

The remote host is affected by a man-in-the-middle spoofing vulnerability.

Description

The remote host is running a version of FortiOS prior to 4.3.13. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to a flaw in the SSL-VPN feature: the feature validates only the first byte of the TLS MAC in Finished messages. A remote, man-in-the-middle attacker can exploit this, via a crafted MAC field, to spoof encrypted content, potentially resulting in the disclosure of sensitive information.
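The defect class described above, shown as an added example (not code from the plugin or from Fortinet): a Finished check that compares only the first byte, beside a full-length constant-time check. Assumptions: the TLS 1.2 PRF with SHA-256 from RFC 5246 is used for illustration (the page does not state the TLS version involved), the function names are hypothetical, and all key and transcript values are constructed.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(master_secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """12-byte Finished value computed over the handshake transcript hash."""
    seed = label + hashlib.sha256(transcript).digest()
    return p_sha256(master_secret, seed, 12)

def flawed_check(expected: bytes, received: bytes) -> bool:
    """Defect class from the description: only the first byte is compared."""
    return expected[:1] == received[:1]

def strict_check(expected: bytes, received: bytes) -> bool:
    """Hardened form: every byte compared, in constant time."""
    return len(expected) == len(received) and hmac.compare_digest(expected, received)

# Constructed sample values, not taken from any real session.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = b"constructed handshake transcript"

def demo() -> dict:
    expected = verify_data(MASTER_SECRET, b"client finished", TRANSCRIPT)
    # A value that agrees with the expected one in the first byte only.
    bad = expected[:1] + bytes(b ^ 0xFF for b in expected[1:])
    return {
        "flawed_accepts_bad": flawed_check(expected, bad),
        "strict_accepts_bad": strict_check(expected, bad),
        "strict_accepts_good": strict_check(expected, expected),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A regression test for any Finished or MAC verifier should include this case: a value that matches the expected one in a prefix only must be rejected.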

Solution

Upgrade to Fortinet FortiOS 4.3.14 or later.

Note that version 4.3.13 contained the earliest fix; however, that version contained an unrelated error and was removed from distribution.

See Also

https://forum.fortinet.com/tm.aspx?m=96828

https://forum.fortinet.com/tm.aspx?m=97337

http://www.nessus.org/u?f1fdeac2

Plugin Details

Severity: Medium

ID: 85806

File Name: fortios_ssl_vpn_tls_mac_mitm.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 9/4/2015

Updated: 7/11/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Settings/ParanoidReport, Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2013

Vulnerability Publication Date: 7/14/2015

Reference Information

CVE: CVE-2015-5965

BID: 76065