CVE-2017-17543

7.5HIGH

Key Information:

Vendor: Fortinet
Status: Forticlient For Windows; Forticlient For Mac Osx; Forticlient Sslvpn Client For Linux
Vendor: CVE Published:; 26 April 2018

Summary

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Affected Version(s)

FortiClient for Mac OSX 5.6.0 and below versions

FortiClient for Windows 5.6.0 and below versions

FortiClient SSLVPN Client for Linux 4.4.2335 and below versions

References

https://fortiguard.com/advisory/FG-IR-17-214

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2018
Vulnerability Reserved
Dec 11, 2017