Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for FortiClient for Windows by Fortinet, Inc.

    CVE-2017-17543 (GCVE-0-2017-17543)

    Vulnerability from nvd – Published: 2018-04-26 20:00 – Updated: 2024-10-25 14:32
    VLAI
    Summary
    Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-17-214 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:32.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-17-214"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-17543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:10:01.644124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:32:33.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClient for Windows",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below versions"
                }
              ]
            },
            {
              "product": "FortiClient for Mac OSX",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below versions"
                }
              ]
            },
            {
              "product": "FortiClient SSLVPN Client for Linux",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.4.2335 and below versions"
                }
              ]
            }
          ],
          "datePublic": "2017-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Users\u0027 VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-02T15:27:54.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-214"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "DATE_PUBLIC": "2017-12-07T00:00:00",
              "ID": "CVE-2017-17543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClient for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient for Mac OSX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient SSLVPN Client for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.4.2335 and below versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Users\u0027 VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-17-214",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-17-214"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2017-17543",
        "datePublished": "2018-04-26T20:00:00.000Z",
        "dateReserved": "2017-12-11T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:32:33.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14184 (GCVE-0-2017-14184)

    Vulnerability from nvd – Published: 2017-12-15 21:00 – Updated: 2024-10-25 14:32
    VLAI
    Summary
    An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-17-214 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102123 vdb-entryx_refsource_BID
    Date Public
    2017-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-17-214"
              },
              {
                "name": "102123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102123"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-14184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:04:03.769096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:32:46.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClient for Windows",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below"
                }
              ]
            },
            {
              "product": "FortiClient for Mac OSX",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below"
                }
              ]
            },
            {
              "product": "FortiClient SSLVPN Client for Linux",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.4.2334 and below"
                }
              ]
            }
          ],
          "datePublic": "2017-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other\u0027s VPN authentication credentials due to improperly secured storage locations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-16T10:57:01.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-214"
            },
            {
              "name": "102123",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102123"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "DATE_PUBLIC": "2017-12-07T00:00:00",
              "ID": "CVE-2017-14184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClient for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient for Mac OSX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient SSLVPN Client for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.4.2334 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other\u0027s VPN authentication credentials due to improperly secured storage locations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-17-214",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-17-214"
                },
                {
                  "name": "102123",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102123"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2017-14184",
        "datePublished": "2017-12-15T21:00:00.000Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:32:46.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17543 (GCVE-0-2017-17543)

    Vulnerability from cvelistv5 – Published: 2018-04-26 20:00 – Updated: 2024-10-25 14:32
    VLAI
    Summary
    Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-17-214 x_refsource_CONFIRM
    Impacted products
    Date Public
    2017-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:32.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-17-214"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-17543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:10:01.644124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:32:33.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClient for Windows",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below versions"
                }
              ]
            },
            {
              "product": "FortiClient for Mac OSX",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below versions"
                }
              ]
            },
            {
              "product": "FortiClient SSLVPN Client for Linux",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.4.2335 and below versions"
                }
              ]
            }
          ],
          "datePublic": "2017-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Users\u0027 VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-02T15:27:54.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-214"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "DATE_PUBLIC": "2017-12-07T00:00:00",
              "ID": "CVE-2017-17543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClient for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient for Mac OSX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient SSLVPN Client for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.4.2335 and below versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Users\u0027 VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-17-214",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-17-214"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2017-17543",
        "datePublished": "2018-04-26T20:00:00.000Z",
        "dateReserved": "2017-12-11T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:32:33.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14184 (GCVE-0-2017-14184)

    Vulnerability from cvelistv5 – Published: 2017-12-15 21:00 – Updated: 2024-10-25 14:32
    VLAI
    Summary
    An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-17-214 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102123 vdb-entryx_refsource_BID
    Date Public
    2017-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:20:41.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-17-214"
              },
              {
                "name": "102123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102123"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-14184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:04:03.769096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:32:46.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClient for Windows",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below"
                }
              ]
            },
            {
              "product": "FortiClient for Mac OSX",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.6.0 and below"
                }
              ]
            },
            {
              "product": "FortiClient SSLVPN Client for Linux",
              "vendor": "Fortinet, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.4.2334 and below"
                }
              ]
            }
          ],
          "datePublic": "2017-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other\u0027s VPN authentication credentials due to improperly secured storage locations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-16T10:57:01.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-214"
            },
            {
              "name": "102123",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102123"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "DATE_PUBLIC": "2017-12-07T00:00:00",
              "ID": "CVE-2017-14184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClient for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient for Mac OSX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.6.0 and below"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "FortiClient SSLVPN Client for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.4.2334 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other\u0027s VPN authentication credentials due to improperly secured storage locations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-17-214",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-17-214"
                },
                {
                  "name": "102123",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102123"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2017-14184",
        "datePublished": "2017-12-15T21:00:00.000Z",
        "dateReserved": "2017-09-07T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:32:46.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }