var-201712-0076
Vulnerability from variot
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Fortinet FortiClient contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Fortinet FortiClient Windows, FortiClient for Mac OS X and FortiClient SSLVPN Client for Linux are all products of Fortinet. Fortinet FortiClient Windows is a mobile terminal security solution for the Windows platform. FortiClient for Mac OS X is the version for the Mac OS X platform. FortiClient SSLVPN Client for Linux is a Linux-based VPN client for connecting to FortiGate devices. An information disclosure vulnerability exists in several Fortinet products due to improperly secured storage locations. An attacker could exploit this vulnerability to view other users' VPN authentication certificates. The following products and versions are affected: Windows-based Fortinet FortiClient 5.6.0 and earlier versions; Mac OSX-based FortiClient 5.6.0 and earlier versions; Linux-based FortiClient SSLVPN Client 4.4.2334 and earlier versions. Note that the aggregated sources in the record below disagree on two points: these descriptions characterise the issue as local, while the CVSS vectors list a network attack vector (AV:N) and threat_type is "remote"; and the text says "5.6.0 and below" while the highest-trust affected_products entries use scope "lt". Check the vendor advisory (FG-IR-17-214) before relying on either the severity or the version bounds.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0076", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "forticlient sslvpn client", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "4.4.2334" }, { "model": "forticlient", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "5.6.0" }, { "model": "forticlient", "scope": "lte", "trust": 0.8, 
"vendor": "fortinet", "version": "for mac osx 5.6.0" }, { "model": "forticlient", "scope": "lte", "trust": 0.8, "vendor": "fortinet", "version": "for windows 5.6.0" }, { "model": "forticlient sslvpn client", "scope": "lte", "trust": 0.8, "vendor": "fortinet", "version": "for linux 4.4.2334" }, { "model": "forticlient ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.4.2334" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.6" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.3" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.2" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4.1" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.4" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.28" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.10" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0.614" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4.0650" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.633" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.091" }, { "model": "forticlient ssl vpn", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.4.2335" }, { "model": "forticlient", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.6.1" } ], "sources": [ { "db": "BID", "id": "102123" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fortinet:forticlient", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fortinet:forticlient_sslvpn_client", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011306" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "M. Li of SEC Consult Vulnerability Lab.", "sources": [ { "db": "BID", "id": "102123" } ], "trust": 0.3 }, "cve": "CVE-2017-14184", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2017-14184", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", 
"author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-104881", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-14184", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-14184", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-14184", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201709-359", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-104881", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104881" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "CNNVD", "id": "CNNVD-201709-359" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other\u0027s VPN authentication credentials due to improperly secured storage locations. 
Fortinet FortiClient Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Fortinet FortiClient Windows, FortiClient for Mac OS X and FortiClient SSLVPN Client for Linux are all products of Fortinet. Fortinet FortiClient Windows is a mobile terminal security solution based on Windows platform. FortiClient for Mac OS X is a version based on the Mac OS X platform. FortiClient SSLVPN Client for Linux is a Linux-based VPN client for connecting Fortigate devices. An information disclosure vulnerability exists in several Fortinet products due to improper secure storage locations. An attacker could exploit this vulnerability to view other VPN authentication certificates. The following products and versions are affected: Windows-based Fortinet FortiClient 5.6.0 and earlier versions; Mac OSX-based FortiClient 5.6.0 and earlier versions; Linux-based FortiClient SSLVPN Client 4.4.2334 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2017-14184" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "BID", "id": "102123" }, { "db": "VULHUB", "id": "VHN-104881" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-14184", "trust": 2.8 }, { "db": "BID", "id": "102123", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2017-011306", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201709-359", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-104881", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104881" }, { 
"db": "BID", "id": "102123" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "CNNVD", "id": "CNNVD-201709-359" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "id": "VAR-201712-0076", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104881" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:45:29.632000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-17-214", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-17-214" }, { "title": "Multiple Fortinet Product information disclosure vulnerability repair measures", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118318" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "CNNVD", "id": "CNNVD-201709-359" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104881" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/102123" }, { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-17-214" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14184" }, { "trust": 0.8, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14184" }, { "trust": 0.3, "url": "http://www.forticlient.com/" }, { "trust": 0.3, "url": "https://fortiguard.com/psirt/fg-ir-17-214" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104881" }, { "db": "BID", "id": "102123" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "CNNVD", "id": "CNNVD-201709-359" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104881" }, { "db": "BID", "id": "102123" }, { "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "db": "CNNVD", "id": "CNNVD-201709-359" }, { "db": "NVD", "id": "CVE-2017-14184" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-15T00:00:00", "db": "VULHUB", "id": "VHN-104881" }, { "date": "2017-12-07T00:00:00", "db": "BID", "id": "102123" }, { "date": "2018-01-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "date": "2017-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-359" }, { "date": "2017-12-15T21:29:00.243000", "db": "NVD", "id": "CVE-2017-14184" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-11T00:00:00", "db": "VULHUB", "id": "VHN-104881" }, { "date": "2017-12-19T22:01:00", "db": "BID", "id": "102123" }, { "date": "2018-01-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011306" }, { "date": "2020-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-359" }, { "date": "2024-11-21T03:12:19.100000", "db": "NVD", "id": "CVE-2017-14184" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", 
"sources": [ { "db": "CNNVD", "id": "CNNVD-201709-359" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiClient Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011306" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-359" } ], "trust": 0.6 } }