Vulnerability Description
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | < 5.6.0 |
| Fortinet | Forticlient Sslvpn Client | < 4.4.2334 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102123Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-214MitigationVendor Advisory
- http://www.securityfocus.com/bid/102123Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-214MitigationVendor Advisory
FAQ
What is CVE-2017-14184?
CVE-2017-14184 is a vulnerability with a CVSS score of 8.8 (HIGH). An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 ...
How severe is CVE-2017-14184?
CVE-2017-14184 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14184?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient, Fortinet Forticlient Sslvpn Client.