PSIRT

"POODLE has friends" vulnerability

Description

The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker may intercept encrypted packets in transit and modifying their contents by changing the middle or the end of the MAC field in the TLS finished message.

Impact Detail

A remote attacker may be able to modify the contents of an encrypted TLS packet without detection of the modifications when the SSL-VPN feature is configured.Fortinet is not aware of any exploit in the wild.

Affected Products

FortiOS 4.3.12 and lower.

Solutions

Customers using the SSL-VPN feature and running FortiOS<= 4.3.12 must upgrade to FortiOS 4.3.13 / 5.0.x / 5.2.x.

Acknowledgement

Thanks to Yngve N. Pettersen for working with us to help protect customers.

References

https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends

IR Number	FG-IR-15-016
Date	Jul 15, 2015
Severity	Info
Impact	Man in the middle
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

"POODLE has friends" vulnerability

Description

Impact Detail

Affected Products

Solutions

Acknowledgement

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

"POODLE has friends" vulnerability

Description

Impact Detail

Affected Products

Solutions

Acknowledgement

References

Threat Intelligence
Center