CVE-2015-5965 Information

Description

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.

Reference

http://www.fortiguard.com/advisory/FG-IR-15-016/ http://www.securityfocus.com/bid/76065 http://www.securitytracker.com/id/1033256 https://security.gentoo.org/glsa/201508-01 https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends