CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
References
Link Resource
http://www.securityfocus.com/bid/102123 Third Party Advisory VDB Entry
https://fortiguard.com/advisory/FG-IR-17-214 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

Configuration 2 (hide)

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*

Configuration 3 (hide)

cpe:2.3:a:fortinet:forticlient_sslvpn_client:*:*:*:*:*:linux:*:*

History

No history.

Information

Published : 2017-12-15 21:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-14184

Mitre link : CVE-2017-14184

CVE.ORG link : CVE-2017-14184


JSON object : View

Products Affected

fortinet

  • forticlient
  • forticlient_sslvpn_client
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor