Information Disclosure Vulnerability in Fortinet FortiClient Software
CVE-2017-14184

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Forticlient For Windows; Forticlient For Mac Osx; Forticlient Sslvpn Client For Linux
Vendor: CVE Published:; 15 December 2017

Summary

An information disclosure vulnerability in Fortinet FortiClient software allows unauthorized users to access and view each other's VPN authentication credentials. This issue stems from insecure storage of sensitive information in the affected versions of FortiClient for Windows, Mac OSX, and the SSLVPN Client for Linux, posing significant risks to user privacy and security.

Affected Version(s)

FortiClient for Mac OSX 5.6.0 and below

FortiClient for Windows 5.6.0 and below

FortiClient SSLVPN Client for Linux 4.4.2334 and below

References

https://fortiguard.com/advisory/FG-IR-17-214

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102123

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2017
Vulnerability Reserved
Sep 7, 2017