ID

VAR-201712-0076


CVE

CVE-2017-14184


TITLE

Information disclosure vulnerability in Fortinet FortiClient

Trust: 0.8

sources: JVNDB: JVNDB-2017-011306

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and earlier, FortiClient for Mac OSX 5.6.0 and earlier, and FortiClient SSLVPN Client for Linux 4.4.2334 and earlier allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Fortinet FortiClient contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Fortinet FortiClient Windows, FortiClient for Mac OS X and FortiClient SSLVPN Client for Linux are all products of Fortinet. Fortinet FortiClient Windows is a mobile terminal security solution for the Windows platform. FortiClient for Mac OS X is the version for the Mac OS X platform. FortiClient SSLVPN Client for Linux is a Linux-based VPN client for connecting to FortiGate devices. An information disclosure vulnerability exists in several Fortinet products due to improperly secured storage locations. An attacker could exploit this vulnerability to view other users' VPN authentication certificates. The following products and versions are affected: Windows-based Fortinet FortiClient 5.6.0 and earlier; Mac OSX-based FortiClient 5.6.0 and earlier; Linux-based FortiClient SSLVPN Client 4.4.2334 and earlier.

Trust: 1.98

sources: NVD: CVE-2017-14184 // JVNDB: JVNDB-2017-011306 // BID: 102123 // VULHUB: VHN-104881

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient sslvpn client, scope: lt, version: 4.4.2334

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lt, version: 5.6.0

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lte, version: for mac osx 5.6.0

Trust: 0.8

vendor: fortinet, model: forticlient, scope: lte, version: for windows 5.6.0

Trust: 0.8

vendor: fortinet, model: forticlient sslvpn client, scope: lte, version: for linux 4.4.2334

Trust: 0.8

vendor: fortinet, model: forticlient ssl vpn, scope: eq, version: 4.4.2334

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.6

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.4.3

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.4.2

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.4.1

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.4

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.2.28

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.0.10

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 3.0.614

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 2.0

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.2.4.0650

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.2.3.633

Trust: 0.3

vendor: fortinet, model: forticlient, scope: eq, version: 5.2.3.091

Trust: 0.3

vendor: fortinet, model: forticlient ssl vpn, scope: ne, version: 4.4.2335

Trust: 0.3

vendor: fortinet, model: forticlient, scope: ne, version: 5.6.1

Trust: 0.3

sources: BID: 102123 // JVNDB: JVNDB-2017-011306 // NVD: CVE-2017-14184

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-14184
value: HIGH

Trust: 1.0

NVD: CVE-2017-14184
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-359
value: HIGH

Trust: 0.6

VULHUB: VHN-104881
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-14184
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104881
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-14184
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104881 // JVNDB: JVNDB-2017-011306 // CNNVD: CNNVD-201709-359 // NVD: CVE-2017-14184

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-104881 // JVNDB: JVNDB-2017-011306 // NVD: CVE-2017-14184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-359

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-359

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011306

PATCH

title: FG-IR-17-214, url: https://fortiguard.com/psirt/FG-IR-17-214

Trust: 0.8

title: Multiple Fortinet Product information disclosure vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118318

Trust: 0.6

sources: JVNDB: JVNDB-2017-011306 // CNNVD: CNNVD-201709-359

EXTERNAL IDS

db: NVD, id: CVE-2017-14184

Trust: 2.8

db: BID, id: 102123

Trust: 2.0

db: JVNDB, id: JVNDB-2017-011306

Trust: 0.8

db: CNNVD, id: CNNVD-201709-359

Trust: 0.7

db: VULHUB, id: VHN-104881

Trust: 0.1

sources: VULHUB: VHN-104881 // BID: 102123 // JVNDB: JVNDB-2017-011306 // CNNVD: CNNVD-201709-359 // NVD: CVE-2017-14184

REFERENCES

url:http://www.securityfocus.com/bid/102123

Trust: 1.7

url:https://fortiguard.com/advisory/fg-ir-17-214

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14184

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14184

Trust: 0.8

url:http://www.forticlient.com/

Trust: 0.3

url:https://fortiguard.com/psirt/fg-ir-17-214

Trust: 0.3

sources: VULHUB: VHN-104881 // BID: 102123 // JVNDB: JVNDB-2017-011306 // CNNVD: CNNVD-201709-359 // NVD: CVE-2017-14184

CREDITS

M. Li of SEC Consult Vulnerability Lab.

Trust: 0.3

sources: BID: 102123

SOURCES

db: VULHUB, id: VHN-104881
db: BID, id: 102123
db: JVNDB, id: JVNDB-2017-011306
db: CNNVD, id: CNNVD-201709-359
db: NVD, id: CVE-2017-14184

LAST UPDATE DATE

2024-11-23T22:45:29.632000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104881, date: 2020-05-11T00:00:00
db: BID, id: 102123, date: 2017-12-19T22:01:00
db: JVNDB, id: JVNDB-2017-011306, date: 2018-01-15T00:00:00
db: CNNVD, id: CNNVD-201709-359, date: 2020-05-12T00:00:00
db: NVD, id: CVE-2017-14184, date: 2024-11-21T03:12:19.100

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104881, date: 2017-12-15T00:00:00
db: BID, id: 102123, date: 2017-12-07T00:00:00
db: JVNDB, id: JVNDB-2017-011306, date: 2018-01-15T00:00:00
db: CNNVD, id: CNNVD-201709-359, date: 2017-09-12T00:00:00
db: NVD, id: CVE-2017-14184, date: 2017-12-15T21:29:00.243