Information Disclosure in FortiClient for Windows, Linux, and Mac by Fortinet
CVE-2023-37939

3LOW

Key Information:

Vendor: Fortinet
Status: Forticlientmac; Forticlientwindows; Forticlientlinux
Vendor: CVE Published:; 10 October 2023

What is CVE-2023-37939?

A vulnerability in FortiClient could allow a local authenticated attacker without administrative privileges to potentially access sensitive information. This includes the ability to view a list of files or folders that have been excluded from malware scanning, thereby exposing sensitive data inadvertently. The issue affects multiple versions of FortiClient across different operating systems including Windows, Linux, and Mac.

Affected Version(s)

FortiClientLinux 7.2.0

FortiClientLinux 7.0.6 <= 7.0.9

FortiClientLinux 7.0.0 <= 7.0.4

References

https://fortiguard.com/psirt/FG-IR-22-235

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jul 11, 2023