Fortinet FortiOS < 4.3.13 SSL-VPN TLS MAC Spoofing

Medium Nessus Plugin ID 85806


The remote host is affected by a man-in-the-middle spoofing vulnerability.


The remote host is running a version of FortiOS prior to 4.3.13. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to a flaw in the SSL-VPN feature. The SSL-VPN feature only validates the first byte of the TLS MAC in finished messages. A remote, man-in-the-middle attacker can exploit this, via a crafted MAC field, to spoof encrypted content, potentially resulting in the disclosure of sensitive information.


Upgrade to Fortinet FortiOS 4.3.14 or later.

Note that version 4.3.13 contained the earliest fix; however, that version contained an unrelated error and was removed from distribution.

See Also

Plugin Details

Severity: Medium

ID: 85806

File Name: fortios_ssl_vpn_tls_mac_mitm.nasl

Version: $Revision: 1.3 $

Type: local

Family: Firewalls

Published: 2015/09/04

Modified: 2017/06/23

Dependencies: 73522

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/30

Vulnerability Publication Date: 2015/07/14

Reference Information

CVE: CVE-2015-5965

BID: 76065

OSVDB: 125101