Description
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
References (2)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-17-214
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102123
Scores
CVSS v3
8.8
EPSS
0.0165
EPSS Percentile
82.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (5)
fortinet/forticlient
< 5.6.0 (2 CPE variants)
fortinet/forticlient_sslvpn_client
< 4.4.2334
Fortinet, Inc./FortiClient for Mac OSX
5.6.0 and below
Fortinet, Inc./FortiClient for Windows
5.6.0 and below
Fortinet, Inc./FortiClient SSLVPN Client for Linux
4.4.2334 and below
Published
Dec 15, 2017
Tracked Since
Feb 18, 2026