CVE-2017-17543

Published: Apr 26, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Affected (3)

Products: Fortinet: Forticlient, Forticlient Sslvpn Client

2 products

Forticlient Sslvpn Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Up to 5.6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Up to 5.6.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient Sslvpn Client	Up to 4.4.2335

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://fortiguard.com/advisory/FG-IR-17-214

Source: psirt@fortinet.com

https://fortiguard.com/advisory/FG-IR-17-214

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.