CVE-2017-14184

Published: Dec 15, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

Affected (3)

Products: Fortinet: Forticlient, Forticlient Sslvpn Client

2 products

Forticlient Sslvpn Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Before 5.6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Before 5.6.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient Sslvpn Client	Before 4.4.2334

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/102123

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-214

Source: psirt@fortinet.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/102123

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-214

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.