All the vulnerabilites related to Fortinet - FortiClient for Mac OS
cve-2019-17650
Vulnerability from cvelistv5
Published
2019-11-21 15:03
Modified
2024-10-25 14:27
Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-19-210 | x_refsource_CONFIRM | |
| https://danishcyberdefence.dk/blog/forticlient_mac | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Fortinet | FortiClient for Mac OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danishcyberdefence.dk/blog/forticlient_mac"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-17650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:48.376177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:27:54.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiClient for Mac OS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Mac OS 6.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T13:55:36",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danishcyberdefence.dk/blog/forticlient_mac"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-17650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiClient for Mac OS",
"version": {
"version_data": [
{
"version_value": "FortiClient for Mac OS 6.2.1"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-210",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-210"
},
{
"name": "https://danishcyberdefence.dk/blog/forticlient_mac",
"refsource": "MISC",
"url": "https://danishcyberdefence.dk/blog/forticlient_mac"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-17650",
"datePublished": "2019-11-21T15:03:58",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-10-25T14:27:54.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15704
Vulnerability from cvelistv5
Published
2019-11-21 14:53
Modified
2024-10-25 14:05
Severity ?
EPSS score ?
Summary
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-19-227 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Fortinet | FortiClient for Mac OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-227"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:45.589688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:05:20.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiClient for Mac OS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Mac OS 6.2.0"
},
{
"status": "affected",
"version": "6.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:53:57",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-15704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiClient for Mac OS",
"version": {
"version_data": [
{
"version_value": "FortiClient for Mac OS 6.2.0"
},
{
"version_value": "6.0.7"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-227",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-15704",
"datePublished": "2019-11-21T14:53:57",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-10-25T14:05:20.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9195
Vulnerability from cvelistv5
Published
2019-11-21 14:59
Modified
2024-10-25 14:05
Severity ?
EPSS score ?
Summary
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-18-100 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-100"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-9195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:44.386046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:05:09.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Windows 6.0.6 and below"
}
]
},
{
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiOS 6.0.7 and below"
}
]
},
{
"product": "FortiClient for Mac OS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Mac OS 6.2.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T20:52:33",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-9195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiClient for Windows 6.0.6 and below"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.7 and below"
}
]
}
},
{
"product_name": "FortiClient for Mac OS",
"version": {
"version_data": [
{
"version_value": "FortiClient for Mac OS 6.2.1 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-100",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2018-9195",
"datePublished": "2019-11-21T14:59:52",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2024-10-25T14:05:09.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}