Cryptographic issues in IPSEngine - CVE-2019-5592
Published: July 23, 2019
Vulnerability identifier: #VU19315
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5592
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
IPSEngine
IPSEngine
Detailed vulnerability description
The vulnerability allows a remote attacker to decrypt HTTPS traffic.
The vulnerability exists due to presence of multiple padding oracle vulnerabilities in the CBC padding implementation of FortiOS when configured with SSL Deep Inspection policies and with the IPS sensor enabled. A remote attacker can perform man-in-the-middle (MitM) attack and decrypt HTTP traffic, passed via FortiGate.
The vulnerability affects the following IPS Engine versions:
- IPS engine version 5.00000 to 5.00006
- IPS engine version 4.00000 to 4.00036
- IPS engine version 4.00200 to 4.00219
- IPS engine version 3.00547 and below
How to mitigate CVE-2019-5592
Install updates from vendor's website.
Specifically on following FortiOS branches:
- IPSEngine 3.00548 will deploy to FortiOS 5.6 and below branches.
- IPSEngine 4.00037 will deploy to ForitOS 6.0 branch
- IPSEngine 5.00007 will deploy to FortiOS 6.2 branch