admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-55xx/CVE-2019-5592.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

126 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-5592",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2019-08-23T20:15:10.347",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de relleno de Oracle (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) en la implementaci\u00f3n de relleno CBC de FortiOS IPS motor versi\u00f3n 5.000 a 5.006, 4.000 a 4.036, 4.200 a 4.219, 3.547 y menores, cuando se configura con pol\u00edticas de inspecci\u00f3n profunda SSL y con el sensor IPS habilitado puede permitir que un atacante descifre las conexiones TLS que atraviesan el FortiGate a trav\u00e9s del monitoreo del tr\u00e1fico en una posici\u00f3n de hombre en el medio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.00547",
"matchCriteriaId": "830DC4A3-9C25-4314-9F20-BB6075605D69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.00000",
"versionEndIncluding": "4.00036",
"matchCriteriaId": "4FB91C93-AFCA-4385-8999-71CB5BC1E6AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.00200",
"versionEndIncluding": "4.00219",
"matchCriteriaId": "52FCCBD8-CD08-4C75-8029-740B1C452066"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00000",
"versionEndIncluding": "5.00006",
"matchCriteriaId": "E01C21FE-03D3-4374-8017-7CA189E3ED5A"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/advisory/FG-IR-19-145",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink