CVE-2017-14184

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Forticlient For Windows; Forticlient For Mac Osx; Forticlient Sslvpn Client For Linux
Vendor: CVE Published:; 15 December 2017

Summary

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

Affected Version(s)

FortiClient for Mac OSX 5.6.0 and below

FortiClient for Windows 5.6.0 and below

FortiClient SSLVPN Client for Linux 4.4.2334 and below

References

https://fortiguard.com/advisory/FG-IR-17-214

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102123

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2017
Vulnerability Reserved
Sep 7, 2017