cvelistv5 - cve-2017-7344

CVE-2017-7344 (GCVE-0-2017-7344)

Vulnerability from cvelistv5 – Published: 2017-12-14 18:00 – Updated: 2024-10-25 14:32

Summary

Severity ?

No CVSS data available.

CWE

Escalation of privilege

Assigner

fortinet

References

URL

Tags

	https://securite.intrinsec.com/2017/12/22/cve-201…	x_refsource_MISC
	http://www.securityfocus.com/bid/102176	vdb-entryx_refsource_BID
	https://fortiguard.com/advisory/FG-IR-17-070	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	FortiClientWindows	Affected: 5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:56:36.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
          },
          {
            "name": "102176",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102176"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-070"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-7344",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:04:05.200314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:32:58.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiClientWindows",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
            }
          ]
        }
      ],
      "datePublic": "2017-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-22T18:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
        },
        {
          "name": "102176",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102176"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2017-12-12T00:00:00",
          "ID": "CVE-2017-7344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiClientWindows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/",
              "refsource": "MISC",
              "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
            },
            {
              "name": "102176",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102176"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-070",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-7344",
    "datePublished": "2017-12-14T18:00:00Z",
    "dateReserved": "2017-03-30T00:00:00",
    "dateUpdated": "2024-10-25T14:32:58.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*\", \"versionEndIncluding\": \"5.4.3\", \"matchCriteriaId\": \"3FA54405-BA2E-4B8D-A333-1CD47CCE784A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:forticlient:5.6.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"4A0005D2-3558-414D-97AC-ACAD11C0FD10\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \\\"security alert\\\" dialog thereby popping up when the \\\"VPN before logon\\\" feature is enabled and an untrusted certificate chain.\"}, {\"lang\": \"es\", \"value\": \"Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, as\\u00ed como la versi\\u00f3n 5.6.0, permite que un atacante consiga privilegios explotando el di\\u00e1logo de Windows \\\"security alert\\\" que aparece cuando la caracter\\u00edstica \\\"VPN before logon\\\" est\\u00e1 habilitada y se conecta un certificado no fiable.\"}]",
      "id": "CVE-2017-7344",
      "lastModified": "2024-11-21T03:31:39.680",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-14T18:29:00.210",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102176\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7344\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2017-12-14T18:29:00.210\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \\\"security alert\\\" dialog thereby popping up when the \\\"VPN before logon\\\" feature is enabled and an untrusted certificate chain.\"},{\"lang\":\"es\",\"value\":\"Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, as\u00ed como la versi\u00f3n 5.6.0, permite que un atacante consiga privilegios explotando el di\u00e1logo de Windows \\\"security alert\\\" que aparece cuando la caracter\u00edstica \\\"VPN before logon\\\" est\u00e1 habilitada y se conecta un certificado no fiable.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*\",\"versionEndIncluding\":\"5.4.3\",\"matchCriteriaId\":\"3FA54405-BA2E-4B8D-A333-1CD47CCE784A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:forticlient:5.6.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4A0005D2-3558-414D-97AC-ACAD11C0FD10\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102176\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-070\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/102176\", \"name\": \"102176\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T15:56:36.460Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-7344\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:04:05.200314Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:18:30.795Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"FortiClientWindows\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0\"}]}], \"datePublic\": \"2017-12-12T00:00:00\", \"references\": [{\"url\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securityfocus.com/bid/102176\", \"name\": \"102176\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \\\"security alert\\\" dialog thereby popping up when the \\\"VPN before logon\\\" feature is enabled and an untrusted certificate chain.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2017-12-22T18:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0\"}]}, \"product_name\": \"FortiClientWindows\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"name\": \"https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securityfocus.com/bid/102176\", \"name\": \"102176\", \"refsource\": \"BID\"}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"name\": \"https://fortiguard.com/advisory/FG-IR-17-070\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \\\"security alert\\\" dialog thereby popping up when the \\\"VPN before logon\\\" feature is enabled and an untrusted certificate chain.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Escalation of privilege\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-7344\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\", \"DATE_PUBLIC\": \"2017-12-12T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-7344\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:32:58.833Z\", \"dateReserved\": \"2017-03-30T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2017-12-14T18:00:00Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2017-7344

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7344

Aliases

CVE-2017-7344

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7344",
    "description": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain.",
    "id": "GSD-2017-7344",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-7344"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7344"
      ],
      "details": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain.",
      "id": "GSD-2017-7344",
      "modified": "2023-12-13T01:21:06.715377Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "DATE_PUBLIC": "2017-12-12T00:00:00",
        "ID": "CVE-2017-7344",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiClientWindows",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/",
            "refsource": "MISC",
            "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
          },
          {
            "name": "102176",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102176"
          },
          {
            "name": "https://fortiguard.com/advisory/FG-IR-17-070",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-17-070"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:5.6.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-7344"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-070",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-070"
            },
            {
              "name": "102176",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102176"
            },
            {
              "name": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-12-14T18:29Z"
    }
  }
}

GHSA-WW53-P7M6-MPV2

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:50

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7344"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-14T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain.",
  "id": "GHSA-ww53-p7m6-mpv2",
  "modified": "2025-04-20T03:50:03Z",
  "published": "2022-05-13T01:46:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7344"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-070"
    },
    {
      "type": "WEB",
      "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102176"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201712-1096

Vulnerability from variot - Updated: 2023-12-26 23:14

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. Fortinet FortiClient Windows Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. The following products are vulnerable: FortiClient Windows 5.6.0 FortiClient Windows 5.4.3 and prior. Fortinet FortiClient WindowsFortinet FortiClient for Windows is a set of mobile terminal security solutions based on the Windows platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. An escalation of privilege vulnerability exists in Fortinet FortiClient Windows 5.4.3 and earlier versions and 5.6.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-1096",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "forticlient",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.3"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.4.3"
      },
      {
        "model": "forticlient",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "windows 5.4.3"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "windows 5.6.0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "forticlient",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "forticlient",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:5.6.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Clement NOTIN of INTRINSEC.",
    "sources": [
      {
        "db": "BID",
        "id": "102176"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7344",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-7344",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-115547",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-7344",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-7344",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1370",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115547",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-7344",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain. Fortinet FortiClient Windows Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to a privilege-escalation vulnerability. \nAn attacker can exploit this issue to execute arbitrary code with elevated privileges. \nThe following products are vulnerable:\nFortiClient Windows 5.6.0\nFortiClient Windows 5.4.3 and prior. Fortinet FortiClient WindowsFortinet FortiClient for Windows is a set of mobile terminal security solutions based on the Windows platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. An escalation of privilege vulnerability exists in Fortinet FortiClient Windows 5.4.3 and earlier versions and 5.6.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "BID",
        "id": "102176"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7344",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "102176",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "145611",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-115547",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "db": "BID",
        "id": "102176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "id": "VAR-201712-1096",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-26T23:14:56.817000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-070",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-17-070"
      },
      {
        "title": "Fortinet FortiClient Windows Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99698"
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/102176"
      },
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-17-070"
      },
      {
        "trust": 1.8,
        "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7344"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7344"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-17-070"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "db": "BID",
        "id": "102176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "db": "BID",
        "id": "102176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "date": "2017-12-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102176"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "date": "2017-12-14T18:29:00.210000",
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115547"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7344"
      },
      {
        "date": "2017-12-19T22:38:00",
        "db": "BID",
        "id": "102176"
      },
      {
        "date": "2018-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-7344"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiClient Windows Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011497"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1370"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-7344

Vulnerability from fkie_nvd - Published: 2017-12-14 18:29 - Updated: 2025-04-20 01:37

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/102176	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-070	Vendor Advisory
psirt@fortinet.com	https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/	Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102176	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-070	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/	Exploit, Mitigation, Third Party Advisory

Impacted products

	Vendor	Product	Version
	fortinet	forticlient	*
	fortinet	forticlient	5.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "3FA54405-BA2E-4B8D-A333-1CD47CCE784A",
              "versionEndIncluding": "5.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:5.6.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "4A0005D2-3558-414D-97AC-ACAD11C0FD10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
    },
    {
      "lang": "es",
      "value": "Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, as\u00ed como la versi\u00f3n 5.6.0, permite que un atacante consiga privilegios explotando el di\u00e1logo de Windows \"security alert\" que aparece cuando la caracter\u00edstica \"VPN before logon\" est\u00e1 habilitada y se conecta un certificado no fiable."
    }
  ],
  "id": "CVE-2017-7344",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-14T18:29:00.210",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102176"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-070"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-01074

Vulnerability from cnvd - Published: 2018-01-17

Title

Fortinet FortiClient Windows权限提升漏洞

Description

Fortinet FortiClient Windows是美国飞塔（Fortinet）公司的一套基于Windows平台的移动终端安全解决方案。该方案与FortiGate防火墙设备连接时可提供IPsec和SSL加密、广域网优化、终端合规和双因子认证等功能。 Fortinet FortiClient Windows 5.4.3及之前的版本和5.6.0版本中存在提权漏洞。攻击者可利用该漏洞获取权限。

Severity

高

Patch Name

Fortinet FortiClient Windows权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://fortiguard.com/psirt/FG-IR-17-070

Reference

https://fortiguard.com/advisory/FG-IR-17-070 http://www.securityfocus.com/bid/102176

Impacted products

Name
['Fortinet FortiClient Windows <=5.4.3', 'Fortinet FortiClient Windows 5.6.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102176"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7344",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7344"
    }
  },
  "description": "Fortinet FortiClient Windows\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u79fb\u52a8\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e0eFortiGate\u9632\u706b\u5899\u8bbe\u5907\u8fde\u63a5\u65f6\u53ef\u63d0\u4f9bIPsec\u548cSSL\u52a0\u5bc6\u3001\u5e7f\u57df\u7f51\u4f18\u5316\u3001\u7ec8\u7aef\u5408\u89c4\u548c\u53cc\u56e0\u5b50\u8ba4\u8bc1\u7b49\u529f\u80fd\u3002\r\n\r\nFortinet FortiClient Windows 5.4.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548c5.6.0\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Clement NOTIN of INTRINSEC.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-17-070",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-01074",
  "openTime": "2018-01-17",
  "patchDescription": "Fortinet FortiClient Windows\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u79fb\u52a8\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e0eFortiGate\u9632\u706b\u5899\u8bbe\u5907\u8fde\u63a5\u65f6\u53ef\u63d0\u4f9bIPsec\u548cSSL\u52a0\u5bc6\u3001\u5e7f\u57df\u7f51\u4f18\u5316\u3001\u7ec8\u7aef\u5408\u89c4\u548c\u53cc\u56e0\u5b50\u8ba4\u8bc1\u7b49\u529f\u80fd\u3002\r\n\r\nFortinet FortiClient Windows 5.4.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u548c5.6.0\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiClient Windows\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiClient Windows \u003c=5.4.3",
      "Fortinet FortiClient Windows 5.6.0"
    ]
  },
  "referenceLink": "https://fortiguard.com/advisory/FG-IR-17-070\r\nhttp://www.securityfocus.com/bid/102176",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-18",
  "title": "Fortinet FortiClient Windows\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CERTFR-2017-AVI-471

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiClient. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiClient	FortiClient Windows versions antérieures à 5.4.4
	Fortinet	FortiClient	FortiClient Windows 5.6.x antérieures à 5.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-070 du 12 décembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClient Windows versions ant\u00e9rieures \u00e0 5.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient Windows 5.6.x ant\u00e9rieures \u00e0 5.6.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7344"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-471",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiClient. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiClient",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-070 du 12 d\u00e9cembre 2017",
      "url": "https://fortiguard.com/psirt/FG-IR-17-070"
    }
  ]
}

CERTFR-2017-AVI-471

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiClient. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiClient	FortiClient Windows versions antérieures à 5.4.4
	Fortinet	FortiClient	FortiClient Windows 5.6.x antérieures à 5.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-070 du 12 décembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClient Windows versions ant\u00e9rieures \u00e0 5.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient Windows 5.6.x ant\u00e9rieures \u00e0 5.6.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7344"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-471",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiClient. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiClient",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-070 du 12 d\u00e9cembre 2017",
      "url": "https://fortiguard.com/psirt/FG-IR-17-070"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7344 (GCVE-0-2017-7344)

GSD-2017-7344

GHSA-WW53-P7M6-MPV2

VAR-201712-1096

FKIE_CVE-2017-7344

CNVD-2018-01074

CERTFR-2017-AVI-471

Solution

CERTFR-2017-AVI-471

Solution

Tags

Sightings

Nomenclature