CVE-2023-37939

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientMac7.2.0 <= 7.2.1affected
FortinetFortiClientMac7.0.0 <= 7.0.9affected
FortinetFortiClientMac6.4.0 <= 6.4.10affected
FortinetFortiClientMac6.2.0 <= 6.2.9affected
FortinetFortiClientWindows7.2.0affected
FortinetFortiClientWindows7.0.0 <= 7.0.9affected
FortinetFortiClientWindows6.4.0 <= 6.4.10affected
FortinetFortiClientWindows6.2.0 <= 6.2.9affected
FortinetFortiClientLinux7.2.0affected
FortinetFortiClientLinux7.0.6 <= 7.0.9affected
FortinetFortiClientLinux7.0.0 <= 7.0.4affected
FortinetFortiClientLinux6.4.7 <= 6.4.9affected
FortinetFortiClientLinux6.4.0 <= 6.4.4affected
FortinetFortiClientLinux6.2.6 <= 6.2.9affected
FortinetFortiClientLinux6.2.0 <= 6.2.4affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References