ID

VAR-201911-1309


CVE

CVE-2019-15704


TITLE

FortiClient vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-012331

DESCRIPTION

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. FortiClient contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There are security vulnerabilities in Fortinet FortiClient 6.2.0 and earlier versions and 6.0.7 and earlier versions based on the Mac OS platform. The vulnerability stems from the fact that the program stores sensitive information in plain text.

Trust: 1.71

sources: NVD: CVE-2019-15704 // JVNDB: JVNDB-2019-012331 // VULHUB: VHN-147777

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lte, version: 6.0.7

Trust: 1.0

vendor: fortinet, model: forticlient, scope: eq, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: forticlient, scope: eq, version: (mac)

Trust: 0.8

sources: JVNDB: JVNDB-2019-012331 // NVD: CVE-2019-15704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15704
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147777
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15704
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147777
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15704
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15704
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // CNNVD: CNNVD-201911-490 // NVD: CVE-2019-15704

PROBLEMTYPE DATA

problemtype: CWE-311

Trust: 1.1

problemtype: CWE-200

Trust: 0.8

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // NVD: CVE-2019-15704

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-490

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-490

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012331

PATCH

title: FG-IR-19-227, url: https://fortiguard.com/advisory/FG-IR-19-227

Trust: 0.8

title: Fortinet FortiClient Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103684

Trust: 0.6

sources: JVNDB: JVNDB-2019-012331 // CNNVD: CNNVD-201911-490

EXTERNAL IDS

db: NVD, id: CVE-2019-15704

Trust: 2.5

db: JVNDB, id: JVNDB-2019-012331

Trust: 0.8

db: CNNVD, id: CNNVD-201911-490

Trust: 0.7

db: AUSCERT, id: ESB-2019.4235

Trust: 0.6

db: VULHUB, id: VHN-147777

Trust: 0.1

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // CNNVD: CNNVD-201911-490 // NVD: CVE-2019-15704

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-19-227

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-15704

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15704

Trust: 0.8

url: https://fortiguard.com/psirt/fg-ir-19-227

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.4235/

Trust: 0.6

url: https://vigilance.fr/vulnerability/forticlient-for-mac-os-information-disclosure-via-console-window-clear-text-password-30821

Trust: 0.6

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // CNNVD: CNNVD-201911-490 // NVD: CVE-2019-15704

SOURCES

db: VULHUB, id: VHN-147777
db: JVNDB, id: JVNDB-2019-012331
db: CNNVD, id: CNNVD-201911-490
db: NVD, id: CVE-2019-15704

LAST UPDATE DATE

2024-08-14T14:45:07.385000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147777, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-012331, date: 2019-11-29T00:00:00
db: CNNVD, id: CNNVD-201911-490, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-15704, date: 2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147777, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012331, date: 2019-11-29T00:00:00
db: CNNVD, id: CNNVD-201911-490, date: 2019-11-08T00:00:00
db: NVD, id: CVE-2019-15704, date: 2019-11-21T15:15:13.823