CVE-2015-5965 — Improper Input Validation in Fortinet Fortios

CWE-20 — Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 42.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedAug 11
Latest updateMay 17

Description

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDfortinet/fortios4.3.12

🔴Vulnerability Details

2
GHSA
GHSA-rhfx-7hwf-9qxj: The SSL-VPN feature in Fortinet FortiOS before 4↗2022-05-17
â–¶
CVEList
CVE-2015-5965: The SSL-VPN feature in Fortinet FortiOS before 4↗2015-08-11
â–¶
CVE-2015-5965 — Improper Input Validation in Fortinet | cvebase