PSIRT Advisory
FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities
Summary
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS when configured with SSL Deep Inspection policies and with the IPS sensor enabled may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.
Impact
Information Disclosure
Affected Products
FortiOS when using the following IPS Engine versions:
IPS engine version 5.00000 to 5.00006
IPS engine version 4.00000 to 4.00036
IPS engine version 4.00200 to 4.00219
IPS engine version 3.00547 and below
Solutions
Update to IPS engine 3.00548, 4.00037, 5.00007 or above.
Specifically on following FortiOS branches:
IPSEngine 3.00548 will deploy to FortiOS 5.6 and below branches.
IPSEngine 4.00037 will deploy to ForitOS 6.0 branch
IPSEngine 5.00007 will deploy to FortiOS 6.2 branch
To check for FortiOS IPS engine version on FortiOS:
From admin CLI console:
run command "diag autoupdate versions"
IPS Attack Engine
Version: x.xxxxx
From admin webUI:
System->FortiGuard->IPS Engine->Version x.xxxxx
For IPS engine and FortiOS version compatibility chart, please refer the following link:
https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/FortiGate_6_0/fortios-fortiaps-ips-av-compatibility.pdf