CVE-2017-17543

CVE Database · CVE-2017-17543

CVE-2017-17543

· N/AModified

CVSS v3.1

N/A

EPSS

0.45%

Published

Apr 26, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Weaknesses (CWE)

CWE-326

Affected Products (3)

fortinet · forticlientvulnerable

fortinet · forticlient_sslvpn_clientvulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-17-214

KEV Catalog EPSS Scores Vendors All CVEs