Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110582
HistoryOct 18, 2019 - 12:00 a.m.

Fortinet FortiOS CVE-2019-15703 Insufficient Entropy Vulnerability

2019-10-1800:00:00
Symantec Security Response
www.symantec.com
27

0.002 Low

EPSS

Percentile

54.1%

JSON

Description

Fortinet FortiOS is prone to an insufficent entropy vulnerability. Remote attackers can exploit this issue to perform side-channel attacks and obtain sensitive information. This aids in other attacks.

Technologies Affected

  • Fortinet FortiOS 2.36.0
  • Fortinet FortiOS 2.50.0
  • Fortinet FortiOS 2.50.0 MR5
  • Fortinet FortiOS 2.8.0 MR10
  • Fortinet FortiOS 2.80 MR12
  • Fortinet FortiOS 2.80.0
  • Fortinet FortiOS 3.0 MR1
  • Fortinet FortiOS 3.0 MR2
  • Fortinet FortiOS 3.0.0
  • Fortinet FortiOS 4.3.10
  • Fortinet FortiOS 4.3.12
  • Fortinet FortiOS 4.3.13
  • Fortinet FortiOS 4.3.14
  • Fortinet FortiOS 4.3.8
  • Fortinet FortiOS 4.3.8 B0537
  • Fortinet FortiOS 4.3.8 B0630
  • Fortinet FortiOS 5.0
  • Fortinet FortiOS 5.0.1
  • Fortinet FortiOS 5.0.2
  • Fortinet FortiOS 5.0.3
  • Fortinet FortiOS 5.0.5
  • Fortinet Fortios 4.1.10
  • Fortinet Fortios 4.1.11
  • Fortinet Fortios 4.2.12
  • Fortinet Fortios 4.2.13
  • Fortinet Fortios 4.3.0
  • Fortinet Fortios 4.3.15
  • Fortinet Fortios 4.3.16
  • Fortinet Fortios 4.3.17
  • Fortinet Fortios 4.3.18
  • Fortinet Fortios 4.3.19
  • Fortinet Fortios 4.3.9
  • Fortinet Fortios 5.0.0
  • Fortinet Fortios 5.0.4
  • Fortinet Fortios 5.0.6
  • Fortinet Fortios 5.0.7
  • Fortinet Fortios 5.0.7
  • Fortinet Fortios 5.0.8
  • Fortinet Fortios 5.0.9

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run all applications with the minimal amount of privileges required for functionality.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include suspicious URI sequences.

Communicate sensitive information over encrypted channels.
Ensure that only encrypted channels are used for communicating sensitive information.

Updates are available. Please see the references or vendor advisory for more information.

Related

cvelist 1
cve 1
nessus 1
fortinet 1
prion 1
nvd 1
cvelist
cvelist
CVE-2019-15703
2019-10-24 13:53:17
cve
cve
CVE-2019-15703
2019-10-24 14:15:11
nessus
nessus
FortiOS DRBG unsufficient entropy (FG-IR-19-186)
2019-10-25 00:00:00
fortinet
fortinet
Protect
2020-02-13 00:00:00
prion
prion
Design/Logic Flaw
2019-10-24 14:15:00
nvd
nvd
CVE-2019-15703
2019-10-24 14:15:11

0.002 Low

EPSS

Percentile

54.1%

JSON
Related for SMNTC-110582
cvelist1cve1nessus1fortinet1prion1nvd1