
8 matches found

Fortinet
added 2020/02/25 12:0 a.m. | 26 views

FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS when configured with SSL Deep Inspection policies and with the IPS sensor enabled may allow an attacker to decipher TLS connections going through the FortiGate by...

CVSS 4.3 | AI score 2 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

CVE
added 2019/08/23 7:52 p.m. | 125 views

CVE-2019-5592

CVE-2019-5592 describes padding oracle vulnerabilities in FortiOS SSL Deep Inspection with CBC padding in the FortiOS IPS engine. Affected FortiGate/FortiOS IPS versions (5.000–5.006, 4.000–4.036, 4.200–4.219, and 3.547 and below) configured with SSL Deep Inspection policies and the IPS sensor en...

CVSS 5.9 | AI score 5.7 | EPSS 0.00115
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2019/08/23 7:52 p.m. | 11 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

AI score 6.9 | EPSS 0.00115
Exploits: 0 | References: 1

Qualys Blog
added 2019/04/22 8:40 a.m. | 2041 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently, new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

CVSS 4.3 | AI score 6.9 | EPSS 0.0496
Exploits: 0

NVD
added 2019/02/26 3:29 p.m. | 13 views

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the...

CVSS 5.9 | AI score 5.5 | EPSS 0.00407
Exploits: 0 | References: 1

Prion
added 2019/02/26 3:29 p.m. | 15 views

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the...

CVSS 4.3 | AI score 5.6 | EPSS 0.00407
Exploits: 0 | References: 1 | Affected Software: 12

CVE
added 2019/02/26 3:0 p.m. | 70 views

CVE-2019-6593

CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...

CVSS 5.9 | AI score 4.5 | EPSS 0.00407
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/02/26 12:0 a.m. | 74 views

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to t...

CVSS 5.9 | AI score 6.5 | EPSS 0.00407
Exploits: 0 | References: 2