CVE-2023-37939

Published: Oct 10, 2023Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

Affected (13)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.2.0 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.9
Fortinet Forticlient	From 7.0.0 to 7.0.9
Fortinet Forticlient	From 6.2.0 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.10
Fortinet Forticlient	From 7.0.0 to 7.0.9
Fortinet Forticlient	From 6.2.0 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.10
Fortinet Forticlient	From 7.0.0 to 7.0.9
Fortinet Forticlient	Version 7.2.0
Fortinet Forticlient	Version 7.2.0
Fortinet Forticlient	Version 7.2.0
Fortinet Forticlient	Version 7.2.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://fortiguard.com/psirt/FG-IR-22-235

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-235

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.