PSIRT Advisory

FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities

Summary

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS when configured with SSL Deep Inspection policies and with the IPS sensor enabled may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

Impact

Information Disclosure

Affected Products

FortiOS when using the following IPS Engine versions:

IPS engine version 5.00000 to 5.00006

IPS engine version 4.00000 to 4.00036

IPS engine version 4.00200 to 4.00219

IPS engine version 3.00547 and below

Solutions

Update to IPS engine 3.00548, 4.00037,  5.00007 or above.

Specifically on following FortiOS branches:

IPSEngine 3.00548 will deploy to FortiOS 5.6 and below branches.

IPSEngine 4.00037 will deploy to ForitOS 6.0 branch

IPSEngine 5.00007 will deploy to FortiOS 6.2 branch

To check for FortiOS IPS engine version on FortiOS:

From admin CLI console:

run command "diag autoupdate versions"

IPS Attack Engine

Version: x.xxxxx

From admin webUI:

System->FortiGuard->IPS Engine->Version x.xxxxx

For IPS engine and FortiOS version compatibility chart, please refer the following link:

https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/FortiGate_6_0/fortios-fortiaps-ips-av-compatibility.pdf