Sensitive Information Exposure in FortiClient for Mac
CVE-2019-15704

5.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Forticlient For Mac Os
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-15704?

FortiClient for Mac contains a vulnerability that permits local attackers to read sensitive data logged to the console window during the establishment of a connection to an SSL VPN Gateway. This may lead to unauthorized access to information stored in clear text, which poses a risk to user privacy and data security.

Affected Version(s)

FortiClient for Mac OS FortiClient for Mac OS 6.2.0

FortiClient for Mac OS 6.0.7

References

https://fortiguard.com/advisory/FG-IR-19-227

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Aug 27, 2019

Fortinet

What is CVE-2019-15704?

Affected Version(s)

References

CVSS V3.1

Timeline