Описание
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.6.0 (исключая)
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
Конфигурация 2Версия до 5.6.0 (исключая)
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*
Конфигурация 3Версия до 4.4.2334 (исключая)
cpe:2.3:a:fortinet:forticlient_sslvpn_client:*:*:*:*:*:linux:*:*
EPSS
Процентиль: 82%
0.01649
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
EPSS
Процентиль: 82%
0.01649
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200