CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

Published: Dec 15, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-14184
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	-	5.6.0
fortinet / forticlient_sslvpn_client	-	4.4.2334

http://www.securityfocus.com/bid/102123
https://fortiguard.com/advisory/FG-IR-17-214

Vulnerability Database

289,599

CVE-2017-14184