The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fortinet FortiGate

cybersecurity alert CVE-2015-5738

RSA: private key computation via CRT

Synthesis of the vulnerability

An attacker can exchange with an application not implementing the RSA-CRT protection, in order to progressively guess the private key.
Severity: 2/4.
Creation date: 08/09/2015.
Identifiers: cpuapr2015, CVE-2015-5738, openSUSE-SU-2015:1596-1, RSA-CRT, VIGILANCE-VUL-17836.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An implementation of the RSA algorithm can use the CRT (Chinese Remainder Theorem) optimization, so computations are faster. However, the RSA-CRT signature is affected by a side-channel attack, known since 1996 (Arjen Lenstra). OpenSSL and NSS are for example protected.

The GnuPG software is protected, but the Libgcrypt library is not. An attacker can therefore exchange with an application linked to Libgcrypt, to trigger a series of error and attack RSA-CRT, in order to progressively guess the private key.

The TLS protocol can use the Perfect Forward Secrecy. In this case, a RSA signature is used. However, several implementations, such as OpenJDK or JRE, do not have the RSA-CRT protection. An attacker can therefore exchange with a TLS server with the Perfect Forward Secrecy enabled, to trigger a series of error and attack RSA-CRT, in order to progressively guess the private key.

An attacker can therefore exchange with an application not implementing the RSA-CRT protection, in order to progressively guess the private key.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-5965

FortiOS: Man-in-the-Middle of SSL-VPN

Synthesis of the vulnerability

An attacker can perform a Man-in-the-Middle on FortiOS, in order to read or alter TLS session data.
Severity: 1/4.
Creation date: 12/08/2015.
Identifiers: CVE-2015-5965, FG-IR-15-016, VIGILANCE-VUL-17651.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The SSL-VPN feature of the FortiOS product uses the TLS protocol.

However, only the first byte of the MAC of the TLS Handshake Finished Message is checked.

An attacker can therefore perform a Man-in-the-Middle on FortiOS, in order to read or alter TLS session data.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2015-3626

FortiOS: Cross Site Scripting of DHCP Monitor WebUI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in DHCP Monitor WebUI of FortiOS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 30/07/2015.
Identifiers: CVE-2015-3626, VIGILANCE-VUL-17536.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiOS product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in DHCP Monitor WebUI of FortiOS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2015-2323

FortiOS: Man-in-the-Middle of TLS

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle between FortiOS and FortiGuard, in order to read or alter TLS sessions.
Severity: 2/4.
Creation date: 29/07/2015.
Identifiers: CVE-2015-2323, FG-IR-15-021, VIGILANCE-VUL-17527.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiOS product can connect to FortiGuard servers using a TLS session.

However, the TLS client of FortiOS accepts weak algorithms (anonymous, export and RC4).

An attacker can therefore act as a Man-in-the-Middle between FortiOS and FortiGuard, in order to read or alter TLS sessions.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin 17526

FortiOS: command execution via HA/ZebOS

Synthesis of the vulnerability

An attacker can access to ZebOS of FortiOS in HA mode, in order to run commands.
Severity: 2/4.
Creation date: 29/07/2015.
Identifiers: BID-76044, FG-IR-15-020, VIGILANCE-VUL-17526.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiOS product can be configured in HA (High Availability) mode, with the management interface enabled (ha-mgmt-status and ha-mgmt-interface).

However, in this configuration, an attacker can connect without authentication the ZebOS shell.

An attacker can therefore access to ZebOS of FortiOS in HA mode, in order to run commands.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2014-8616 CVE-2015-1880

Fortinet FortiOS: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Fortinet FortiOS.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/05/2015.
Identifiers: CVE-2014-8616, CVE-2015-1880, FG-IR-15-005, VIGILANCE-VUL-16814.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Fortinet FortiOS.

An attacker can trigger a Cross Site Scripting in Sslvpn Login Page, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-1880]

An attacker can trigger a Cross Site Scripting in User Group, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-8616]

An attacker can trigger a Cross Site Scripting in Vpn Template Menu, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-8616]
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2015-1451 CVE-2015-1452 CVE-2015-1571

Fortinet FortiOS: multiple vulnerabilities of CAPWAP

Synthesis of the vulnerability

An attacker can use several vulnerabilities of CAPWAP of Fortinet FortiOS.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/01/2015.
Identifiers: CVE-2015-1451, CVE-2015-1452, CVE-2015-1571, FG-IR-15-002, VIGILANCE-VUL-16081.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Fortinet FortiOS CAPWAP (Control And Provisioning of Wireless Access Points).

An attacker can send numerous DTLS ClientHello packets, in order to trigger a denial of service. [severity:2/4; CVE-2015-1452]

Key used for DTLS are constant, so an attacker can act as a Man-In-The-Middle. However, Fortinet disputes this vulnerability. [severity:1/4; CVE-2015-1571]

An attacker can trigger a Cross Site Scripting with a CAPWAP Join packet, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-1451]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2014-8730 CVE-2015-2774

Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a Terminating TLS session, in order to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2014.
Revision date: 17/12/2014.
Identifiers: 1450666, 1610582, 1647054, 1692906, 1693052, 1693142, bulletinjul2017, CERTFR-2014-AVI-533, CSCus08101, CSCus09311, CVE-2014-8730, CVE-2015-2774, FEDORA-2015-12923, FEDORA-2015-12970, openSUSE-SU-2016:0523-1, sk103683, SOL15882, USN-3571-1, VIGILANCE-VUL-15756.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The VIGILANCE-VUL-15485 (POODLE) vulnerability originates from an incorrect management of SSLv3 padding.

The F5 BIG-IP product can be configured to "terminate" SSL/TLS sessions. However, even when TLS is used, this BIG-IP feature uses the SSLv3 function to manage the padding. TLS sessions are thus also vulnerable to POODLE.

The same vulnerability also impacts Check Point, Cisco, IBM and Fortinet products.

An attacker, located as a Man-in-the-Middle, can therefore decrypt a Terminating TLS session, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2014-3566

SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information.
Severity: 3/4.
Creation date: 15/10/2014.
Identifiers: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. However, with SSL 3.0, an attacker can change the padding position with a CBC encryption, in order to progressively guess clear text fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, located as a Man-in-the-Middle, can therefore decrypt a SSL 3.0 session, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Fortinet FortiGate: