CVE-2017-17543

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Published: Apr 26, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17543
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	-	5.6.0.x
fortinet / forticlient_sslvpn_client	-	4.4.2335.x

https://fortiguard.com/advisory/FG-IR-17-214

Vulnerability Database

289,697

CVE-2017-17543