What is the severity of CVE-2019-15703?

CVE-2019-15703 has been classified as a high-severity vulnerability due to its potential to allow attackers to recover ECDSA secrets.

How do I fix CVE-2019-15703?

To mitigate CVE-2019-15703, upgrade FortiOS to version 6.2.3 or later, or enable hardware TRNG support.

What types of devices are affected by CVE-2019-15703?

CVE-2019-15703 affects Fortinet FortiOS devices that do not enable hardware TRNG and include versions up to 6.2.3.

Is CVE-2019-15703 related to a software or hardware issue?

CVE-2019-15703 is primarily a software issue related to insufficient entropy in the pseudorandom number generator (PRNG) in FortiOS.

Vulnerability/
CVE-2019-15703

high

7.5

CWE

331

24/10/2019

25/10/2024

CVE-2019-15703

Q: What impact does CVE-2019-15703 have on TLS connections?

CVE-2019-15703 can allow attackers to theoretically recover the long-term ECDSA secret during RSA handshake in TLS connections.

First published: Thu Oct 24 2019(Updated: )

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiOS IPS Engine	<=5.6.9
Fortinet FortiOS IPS Engine	>=6.0.0<6.0.9
Fortinet FortiOS IPS Engine	>=6.2.0<6.2.3

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-19-186

Frequently Asked Questions

What is the severity of CVE-2019-15703?
CVE-2019-15703 has been classified as a high-severity vulnerability due to its potential to allow attackers to recover ECDSA secrets.
How do I fix CVE-2019-15703?
To mitigate CVE-2019-15703, upgrade FortiOS to version 6.2.3 or later, or enable hardware TRNG support.
What types of devices are affected by CVE-2019-15703?
CVE-2019-15703 affects Fortinet FortiOS devices that do not enable hardware TRNG and include versions up to 6.2.3.
What impact does CVE-2019-15703 have on TLS connections?
CVE-2019-15703 can allow attackers to theoretically recover the long-term ECDSA secret during RSA handshake in TLS connections.
Is CVE-2019-15703 related to a software or hardware issue?
CVE-2019-15703 is primarily a software issue related to insufficient entropy in the pseudorandom number generator (PRNG) in FortiOS.

agent/type
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/5.6.9
version/fortinet fortios ips engine/6.0.0
version/fortinet fortios ips engine/6.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.