CVE-2014-8730 "Poodle for TLS" vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-14-034 Final 1 1 2014-12-18T00:00:00 Current version 2014-12-18T00:00:00 2014-12-18T00:00:00 Information disclosure FortiOS 5.2.2, 5.2.1, 5.2.0, 5.0.10 and lower running on a hardware appliance when all the following conditions are met:FortiGate models with accelerated CP processorsThe SSL connection is using TLS v1.0, v1.1 or v1.2The SSL ciphers are CBCOnly the following features are affected: virtual server with SSL, SSL offload, explicit-proxy SSL,transparent-proxy SSL, web-cache SSL, Wan Opt SSL and SIP SSLAll versions of Fortigate VM, FortiOS 5.4 branch, FortiOS 5.6 branch and next releases are not vulnerable. FortiOS 5.0 branch users must upgrade to 5.0.11 or higher.FortiOS 5.2.0 branch customers must upgrade to 5.2.3 or higher.The customers running FortiOS 5.2.2, 5.2.1, 5.2.0, 5.0.10 and lower under all conditions met as per the affected product section can apply the following workaround: config system globalset virtual-server-hardware-acceleration disableendNote: The performance impact may be significant.To protect devices with a FortiGate, the following IPS signature blocks any attack attempt and is available since IPS update 5.587: TLS.Padding.Oracle.Information.Disclosure https://fortiguard.fortinet.com/psirt/FG-IR-14-034 CVE-2014-8730 "Poodle for TLS" vulnerability https://www.imperialviolet.org/2014/12/08/poodleagain.html https://www.imperialviolet.org/2014/12/08/poodleagain.html CVE-2014-8730 https://fortiguard.fortinet.com/psirt/FG-IR-14-034 CVE-2014-8730 "Poodle for TLS" vulnerability Reference> https://www.imperialviolet.org/2014/12/08/poodleagain.html https://www.imperialviolet.org/2014/12/08/poodleagain.html