CVE-2015-5965: Input Validation
First published: Tue Aug 11 2015(Updated: )
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | <=4.3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-5965?
CVE-2015-5965 is classified as a medium severity vulnerability.
How do I fix CVE-2015-5965?
To mitigate CVE-2015-5965, upgrade Fortinet FortiOS to version 4.3.13 or higher.
What does CVE-2015-5965 exploit?
CVE-2015-5965 exploits a vulnerability in the TLS MAC validation in Fortinet's SSL-VPN feature.
Can CVE-2015-5965 lead to data breaches?
Yes, CVE-2015-5965 can allow attackers to spoof encrypted content, potentially leading to data breaches.
What versions of FortiOS are affected by CVE-2015-5965?
CVE-2015-5965 affects Fortinet FortiOS versions up to 4.3.12.
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortios ips engine
- version/fortinet fortios ips engine/4.3.12