CVE-2017-17543

Summary

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiClient for Windows5.6.0 and below versionsaffected
Fortinet, Inc.FortiClient for Mac OSX5.6.0 and below versionsaffected
Fortinet, Inc.FortiClient SSLVPN Client for Linux4.4.2335 and below versionsaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References