ID

VAR-201706-0017


CVE

CVE-2016-8493


TITLE

fortinet's  Windows  for  FortiClient  Vulnerabilities related to authorization, privileges, and access control in

Trust: 0.8

sources: JVNDB: JVNDB-2016-009740

DESCRIPTION

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. fortinet's Windows for FortiClient contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. FortiClient 5.4.1 and 5.4.2 are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances

Trust: 1.98

sources: NVD: CVE-2016-8493 // JVNDB: JVNDB-2016-009740 // BID: 101682 // VULHUB: VHN-97313

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:eqversion:5.4.2

Trust: 1.9

vendor:fortinetmodel:forticlientscope:eqversion:5.4.1

Trust: 1.9

vendor:フォーティネットmodel:forticlientscope:eqversion:5.4.2

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion:5.4.1

Trust: 0.8

vendor:fortinetmodel:forticlientscope:neversion:5.6

Trust: 0.3

vendor:fortinetmodel:forticlientscope:neversion:5.4.3

Trust: 0.3

sources: BID: 101682 // JVNDB: JVNDB-2016-009740 // CNNVD: CNNVD-201711-307 // NVD: CVE-2016-8493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8493
value: HIGH

Trust: 1.0

NVD: CVE-2016-8493
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-307
value: CRITICAL

Trust: 0.6

VULHUB: VHN-97313
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8493
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97313
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8493
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97313 // JVNDB: JVNDB-2016-009740 // CNNVD: CNNVD-201711-307 // NVD: CVE-2016-8493

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

problemtype:Authorization / authority / access control (CWE-264) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-97313 // JVNDB: JVNDB-2016-009740 // NVD: CVE-2016-8493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-307

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201711-307

PATCH

title:FG-IR-16-095url:https://www.fortiguard.com/psirt/FG-IR-16-095

Trust: 0.8

title:Fortinet FortiClient Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76204

Trust: 0.6

sources: JVNDB: JVNDB-2016-009740 // CNNVD: CNNVD-201711-307

EXTERNAL IDS

db:NVDid:CVE-2016-8493

Trust: 3.6

db:BIDid:101682

Trust: 2.8

db:JVNDBid:JVNDB-2016-009740

Trust: 0.8

db:CNNVDid:CNNVD-201711-307

Trust: 0.7

db:VULHUBid:VHN-97313

Trust: 0.1

sources: VULHUB: VHN-97313 // BID: 101682 // JVNDB: JVNDB-2016-009740 // CNNVD: CNNVD-201711-307 // NVD: CVE-2016-8493

REFERENCES

url:http://www.securityfocus.com/bid/101682

Trust: 2.5

url:https://fortiguard.com/psirt/fg-ir-16-095

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-8493

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-97313 // BID: 101682 // JVNDB: JVNDB-2016-009740 // CNNVD: CNNVD-201711-307 // NVD: CVE-2016-8493

CREDITS

Zhipeng Huo from Tencent Technology Company Limited.

Trust: 0.9

sources: BID: 101682 // CNNVD: CNNVD-201711-307

SOURCES

db:VULHUBid:VHN-97313
db:BIDid:101682
db:JVNDBid:JVNDB-2016-009740
db:CNNVDid:CNNVD-201711-307
db:NVDid:CVE-2016-8493

LAST UPDATE DATE

2024-08-14T13:56:47.457000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-97313date:2018-01-17T00:00:00
db:BIDid:101682date:2017-12-19T21:00:00
db:JVNDBid:JVNDB-2016-009740date:2024-07-23T07:03:00
db:CNNVDid:CNNVD-201711-307date:2017-11-10T00:00:00
db:NVDid:CVE-2016-8493date:2018-01-17T16:07:50.010

SOURCES RELEASE DATE

db:VULHUBid:VHN-97313date:2017-06-26T00:00:00
db:BIDid:101682date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2016-009740date:2024-07-23T00:00:00
db:CNNVDid:CNNVD-201711-307date:2017-11-10T00:00:00
db:NVDid:CVE-2016-8493date:2017-06-26T17:29:00.187