CVE-2017-17543
N/A
N/A
Summary
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet, Inc. | FortiClient for Windows | 5.6.0 and below versions | affected |
| Fortinet, Inc. | FortiClient for Mac OSX | 5.6.0 and below versions | affected |
| Fortinet, Inc. | FortiClient SSLVPN Client for Linux | 4.4.2335 and below versions | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.