Sign-up

ID

VAR-201911-1309


CVE

CVE-2019-15704


TITLE

FortiClient Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-012331

DESCRIPTION

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. FortiClient Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There are security vulnerabilities in Fortinet FortiClient 6.2.0 and earlier versions and 6.0.7 and earlier versions based on the Mac OS platform. The vulnerability stems from the fact that the program stores sensitive information in plain text

Trust: 1.71

sources: NVD: CVE-2019-15704 // JVNDB: JVNDB-2019-012331 // VULHUB: VHN-147777

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.7

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:(mac)

Trust: 0.8

sources: JVNDB: JVNDB-2019-012331 // NVD: CVE-2019-15704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15704
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147777
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15704
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147777
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15704
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15704
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // CNNVD: CNNVD-201911-490 // NVD: CVE-2019-15704

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.1

problemtype:CWE-200

Trust: 0.8

sources: VULHUB: VHN-147777 // JVNDB: JVNDB-2019-012331 // NVD: CVE-2019-15704

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-490

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-490

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012331

PATCH
title:FG-IR-19-227url:https://fortiguard.com/advisory/FG-IR-19-227
Trust: 0.8
title:Fortinet FortiClient Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103684
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012331 // 
            
            
            
            CNNVD: CNNVD-201911-490

EXTERNAL IDS
db:NVDid:CVE-2019-15704
Trust: 2.5
db:JVNDBid:JVNDB-2019-012331
Trust: 0.8
db:CNNVDid:CNNVD-201911-490
Trust: 0.7
db:AUSCERTid:ESB-2019.4235
Trust: 0.6
db:VULHUBid:VHN-147777
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147777 // 
            
            
            
            JVNDB: JVNDB-2019-012331 // 
            
            
            
            CNNVD: CNNVD-201911-490 // 
            
            
            
            NVD: CVE-2019-15704

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-19-227
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-15704
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15704
Trust: 0.8
url:https://fortiguard.com/psirt/fg-ir-19-227
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4235/
Trust: 0.6
url:https://vigilance.fr/vulnerability/forticlient-for-mac-os-information-disclosure-via-console-window-clear-text-password-30821
Trust: 0.6
sources:
            
            
            VULHUB: VHN-147777 // 
            
            
            
            JVNDB: JVNDB-2019-012331 // 
            
            
            
            CNNVD: CNNVD-201911-490 // 
            
            
            
            NVD: CVE-2019-15704

SOURCES
db:VULHUBid:VHN-147777
db:JVNDBid:JVNDB-2019-012331
db:CNNVDid:CNNVD-201911-490
db:NVDid:CVE-2019-15704

LAST UPDATE DATE
2024-08-14T14:45:07.385000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-147777date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-012331date:2019-11-29T00:00:00
db:CNNVDid:CNNVD-201911-490date:2020-08-25T00:00:00
db:NVDid:CVE-2019-15704date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-147777date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012331date:2019-11-29T00:00:00
db:CNNVDid:CNNVD-201911-490date:2019-11-08T00:00:00
db:NVDid:CVE-2019-15704date:2019-11-21T15:15:13.823