Vuln: FortiOS IPS engine CVE-2019-5592 Man in the Middle Information Disclosure Vulnerability
FortiOS IPS engine is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
The following versions are affected:
IPS engine version 5.00000 through 5.00006
IPS engine version 4.00000 through 4.00036
IPS engine version 4.00200 through 4.00219
IPS engine version 3.00547 and prior
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 109337 |
| Class: | Design Error |
| CVE: | CVE-2019-5592 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2019 12:00AM |
| Updated: | Jul 23 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Fortinet IPS engine 5.00200 Fortinet IPS engine 5.00006 Fortinet IPS engine 5.00000 Fortinet IPS engine 4.00219 Fortinet IPS engine 4.00036 Fortinet IPS engine 4.00000 Fortinet IPS engine 3.00547 |
| Not Vulnerable: | |
References:
- Fortinet Homepage (Fortinet)
- FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities (Fortinet)
from SecurityFocus Vulnerabilities https://ift.tt/2Y1IO47