CVE-2017-14184 — Sensitive Information Exposure in Fortinet Forticlient

CWE-200 — Sensitive Information Exposure CWE-326 — Inadequate Encryption Strength4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.6%

top 17.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlient Sslvpn Client Fortinet INC Forticlient FOR MAC OSX +2 more

Timeline

PublishedDec 15

Latest updateMay 13

Description

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5fortinet_inc/forticlient_sslvpn_client_for_linux4.4.2334 and below

▶NVDfortinet/forticlient_sslvpn_client< 4.4.2334

▶CVEListV5fortinet_inc/forticlient_for_windows5.6.0 and below

▶NVDfortinet/forticlient< 5.6.0

▶CVEListV5fortinet_inc/forticlient_for_mac_osx5.6.0 and below

🔴Vulnerability Details

GHSA

GHSA-6gmg-c6p4-v53m: An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5↗2022-05-13

▶

CVEList

CVE-2017-14184: An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5↗2017-12-15

▶

📋Vendor Advisories

Fortinet

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Ma...↗2017-12-15

▶