Vulnerabilities > CVE-2019-15703 - Insufficient Entropy vulnerability in Fortinet Fortios

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

CWE-331

nessus

NVD

Published: 2019-10-24

Updated: 2022-03-31

Summary

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.

Vulnerable Configurations

Part	Description	Count
OS	Fortinet Fortinet Fortios 3.1.0 Fortinet Fortios 3.2.0 Fortinet Fortios 3.3.0 Fortinet Fortios 3.3.3 Fortinet Fortios 3.3.5 Fortinet Fortios 3.3.6 Fortinet Fortios 3.3.7 Fortinet Fortios 3.3.8 Fortinet Fortios 3.3.9 Fortinet Fortios 3.3.10 Fortinet Fortios 3.3.11 Fortinet Fortios 3.3.12 Fortinet Fortios 3.3.13 Fortinet Fortios 3.3.14 Fortinet Fortios 3.4.0 Fortinet Fortios 3.4.1 Fortinet Fortios 3.4.2 Fortinet Fortios 3.4.3 Fortinet Fortios 3.4.4 Fortinet Fortios 3.4.5 Fortinet Fortios 3.5.0 Fortinet Fortios 3.5.1 Fortinet Fortios 3.5.2 Fortinet Fortios 3.5.3 Fortinet Fortios 3.5.4 Fortinet Fortios 3.5.5 Fortinet Fortios 3.5.6 Fortinet Fortios 3.5.7 Fortinet Fortios 3.6.0 Fortinet Fortios 3.6.1 Fortinet Fortios 3.6.2 Fortinet Fortios 3.6.3 Fortinet Fortios 3.6.4 Fortinet Fortios 3.6.5 Fortinet Fortios 3.6.6 Fortinet Fortios 3.7.0 Fortinet Fortios 3.7.1 Fortinet Fortios 3.7.2 Fortinet Fortios 3.7.3 Fortinet Fortios 3.7.4 Fortinet Fortios 3.7.5 Fortinet Fortios 3.7.6 Fortinet Fortios 3.7.7 Fortinet Fortios 3.7.8 Fortinet Fortios 3.7.9 Fortinet Fortios 3.7.10 Fortinet Fortios 4.0.0 Fortinet Fortios 4.0.1 Fortinet Fortios 4.0.2 Fortinet Fortios 4.0.3 Fortinet Fortios 4.0.4 Fortinet Fortios 4.1.0 Fortinet Fortios 4.1.1 Fortinet Fortios 4.1.2 Fortinet Fortios 4.1.3 Fortinet Fortios 4.1.4 Fortinet Fortios 4.1.5 Fortinet Fortios 4.1.6 Fortinet Fortios 4.1.7 Fortinet Fortios 4.1.8 Fortinet Fortios 4.1.9 Fortinet Fortios 4.1.10 Fortinet Fortios 4.1.11 Fortinet Fortios 4.2.0 Fortinet Fortios 4.2.1 Fortinet Fortios 4.2.2 Fortinet Fortios 4.2.3 Fortinet Fortios 4.2.4 Fortinet Fortios 4.2.5 Fortinet Fortios 4.2.6 Fortinet Fortios 4.2.7 Fortinet Fortios 4.2.8 Fortinet Fortios 4.2.9 Fortinet Fortios 4.2.10 Fortinet Fortios 4.2.11 Fortinet Fortios 4.2.12 Fortinet Fortios 4.2.13 Fortinet Fortios 4.2.14 Fortinet Fortios 4.2.15 Fortinet Fortios 4.2.16 Fortinet Fortios 4.3.0 Fortinet Fortios 4.3.1 Fortinet Fortios 4.3.2 Fortinet Fortios 4.3.3 Fortinet Fortios 4.3.4 Fortinet Fortios 4.3.5 Fortinet Fortios 4.3.6 Fortinet Fortios 4.3.7 Fortinet Fortios 4.3.8 Fortinet Fortios 4.3.9 Fortinet Fortios 4.3.10 Fortinet Fortios 4.3.11 Fortinet Fortios 4.3.12 Fortinet Fortios 4.3.13 Fortinet Fortios 4.3.14 Fortinet Fortios 4.3.15 Fortinet Fortios 4.3.16 Fortinet Fortios 4.3.17 Fortinet Fortios 4.3.18 Fortinet Fortios 4.3.19 Fortinet Fortios 5.0 Fortinet Fortios 5.0.0 Fortinet Fortios 5.0.1 Fortinet Fortios 5.0.2 Fortinet Fortios 5.0.3 Fortinet Fortios 5.0.4 Fortinet Fortios 5.0.5 Fortinet Fortios 5.0.6 Fortinet Fortios 5.0.7 Fortinet Fortios 5.0.8 Fortinet Fortios 5.0.9 Fortinet Fortios 5.0.10 Fortinet Fortios 5.0.11 Fortinet Fortios 5.0.12 Fortinet Fortios 5.0.13 Fortinet Fortios 5.0.14 Fortinet Fortios 5.2.0 Fortinet Fortios 5.2.1 Fortinet Fortios 5.2.2 Fortinet Fortios 5.2.3 Fortinet Fortios 5.2.4 Fortinet Fortios 5.2.5 Fortinet Fortios 5.2.6 Fortinet Fortios 5.2.7 Fortinet Fortios 5.2.8 Fortinet Fortios 5.2.9 Fortinet Fortios 5.2.10 Fortinet Fortios 5.2.11 Fortinet Fortios 5.2.12 Fortinet Fortios 5.2.13 Fortinet Fortios 5.2.14 Fortinet Fortios 5.2.15 Fortinet Fortios 5.4 Fortinet Fortios 5.4.0 Fortinet Fortios 5.4.1 Fortinet Fortios 5.4.2 Fortinet Fortios 5.4.3 Fortinet Fortios 5.4.4 Fortinet Fortios 5.4.5 Fortinet Fortios 5.4.6 Fortinet Fortios 5.4.7 Fortinet Fortios 5.4.8 Fortinet Fortios 5.4.9 Fortinet Fortios 5.4.10 Fortinet Fortios 5.4.11 Fortinet Fortios 5.4.12 Fortinet Fortios 5.4.13 Fortinet Fortios 5.6.0 Fortinet Fortios 5.6.1 Fortinet Fortios 5.6.2 Fortinet Fortios 5.6.3 Fortinet Fortios 5.6.4 Fortinet Fortios 5.6.5 Fortinet Fortios 5.6.6 Fortinet Fortios 5.6.7 Fortinet Fortios 5.6.8 Fortinet Fortios 5.6.9 Fortinet Fortios 6.0.0 Fortinet Fortios 6.0.1 Fortinet Fortios 6.0.2 Fortinet Fortios 6.0.3 Fortinet Fortios 6.0.4 Fortinet Fortios 6.0.5 Fortinet Fortios 6.0.6 Fortinet Fortios 6.0.7 Fortinet Fortios 6.0.8 Fortinet Fortios 6.2.0 Fortinet Fortios 6.2.1 Fortinet Fortios 6.2.2	169

Common Weakness Enumeration (CWE)

CWE-331 - Insufficient Entropy

Common Attack Pattern Enumeration and Classification (CAPEC)

Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

NASL family	Firewalls
NASL id	FORTIOS_FG-IR-19-186.NASL
description	An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
last seen	2020-06-01
modified	2020-06-02
plugin id	130209
published	2019-10-25
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130209
title	FortiOS DRBG unsufficient entropy (FG-IR-19-186)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130209); script_version("1.4"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2019-15703"); script_name(english:"FortiOS DRBG unsufficient entropy (FG-IR-19-186)"); script_summary(english:"Checks the version of FortiOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only."); script_set_attribute(attribute:"see_also", value:"https://fortiguard.com/psirt/FG-IR-19-186"); script_set_attribute(attribute:"solution", value: "Upgrade to Fortinet FortiOS version 6.2.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15703"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Firewalls"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("fortinet_version.nbin"); script_require_keys("Host/Fortigate/model", "Host/Fortigate/version", "Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('vcf.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); app_name = 'FortiOS'; app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Fortigate/version'); constraints = [ { 'fixed_version' : '6.2.1' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);

References

https://fortiguard.com/psirt/FG-IR-19-186