cvelistv5 - cve-2019-15704

CVE-2019-15704 (GCVE-0-2019-15704)

Vulnerability from cvelistv5 – Published: 2019-11-21 14:53 – Updated: 2024-10-25 14:05

Summary

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-19-227

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClient for Mac OS	Affected: FortiClient for Mac OS 6.2.0 Affected: 6.0.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-19-227"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-15704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:59:45.589688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:05:20.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiClient for Mac OS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiClient for Mac OS 6.2.0"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-21T14:53:57",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-19-227"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-15704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiClient for Mac OS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiClient for Mac OS 6.2.0"
                          },
                          {
                            "version_value": "6.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-227",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-19-227"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-15704",
    "datePublished": "2019-11-21T14:53:57",
    "dateReserved": "2019-08-27T00:00:00",
    "dateUpdated": "2024-10-25T14:05:20.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.7\", \"matchCriteriaId\": \"EA130446-C10F-4401-9870-77CA235152F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:forticlient:6.2.0:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"ABA08CE1-70EE-455E-85C5-49EE2E30D751\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de almacenamiento informaci\\u00f3n confidencial en texto sin cifrar en FortiClient para Mac, puede permitir a un atacante local leer informaci\\u00f3n confidencial registrada en la ventana de la consola cuando el usuario se conecta a un SSL VPN Gateway.\"}]",
      "id": "CVE-2019-15704",
      "lastModified": "2024-11-21T04:29:17.633",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-21T15:15:13.823",
      "references": "[{\"url\": \"https://fortiguard.com/advisory/FG-IR-19-227\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-19-227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-311\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-15704\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2019-11-21T15:15:13.823\",\"lastModified\":\"2024-11-21T04:29:17.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de almacenamiento informaci\u00f3n confidencial en texto sin cifrar en FortiClient para Mac, puede permitir a un atacante local leer informaci\u00f3n confidencial registrada en la ventana de la consola cuando el usuario se conecta a un SSL VPN Gateway.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.7\",\"matchCriteriaId\":\"EA130446-C10F-4401-9870-77CA235152F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:forticlient:6.2.0:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"ABA08CE1-70EE-455E-85C5-49EE2E30D751\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-227\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-19-227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-2W2X-7266-2C97

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-15704"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-21T15:15:00Z",
    "severity": "LOW"
  },
  "details": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.",
  "id": "GHSA-2w2x-7266-2c97",
  "modified": "2022-05-24T17:01:40Z",
  "published": "2022-05-24T17:01:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15704"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-19-227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2019-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans FortiClient pour MacOS. Elle permet à un attaquant d'afficher le mot de passe en clair des clients qui se connectent à une passerelle SSL VPN.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiClient	FortiClient pour Mac OS versions 6.0.7 et antérieures.
	Fortinet	FortiClient	FortiClient pour Mac OS versions 6.2.0 et antérieures.

References

Title

Publication Time

Tags

FG-IR-19-227 du 8 novembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClient pour Mac OS versions 6.0.7 et ant\u00e9rieures.",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient pour Mac OS versions 6.2.0 et ant\u00e9rieures.",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-15704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15704"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans FortiClient pour MacOS. Elle\npermet \u00e0 un attaquant d\u0027afficher le mot de passe en clair des clients\nqui se connectent \u00e0 une passerelle SSL VPN.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiClient pour MacOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "FG-IR-19-227 du 8 novembre 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-227"
    }
  ]
}

CERTFR-2019-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans FortiClient pour MacOS. Elle permet à un attaquant d'afficher le mot de passe en clair des clients qui se connectent à une passerelle SSL VPN.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiClient	FortiClient pour Mac OS versions 6.0.7 et antérieures.
	Fortinet	FortiClient	FortiClient pour Mac OS versions 6.2.0 et antérieures.

References

Title

Publication Time

Tags

FG-IR-19-227 du 8 novembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClient pour Mac OS versions 6.0.7 et ant\u00e9rieures.",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient pour Mac OS versions 6.2.0 et ant\u00e9rieures.",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-15704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15704"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans FortiClient pour MacOS. Elle\npermet \u00e0 un attaquant d\u0027afficher le mot de passe en clair des clients\nqui se connectent \u00e0 une passerelle SSL VPN.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiClient pour MacOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "FG-IR-19-227 du 8 novembre 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-227"
    }
  ]
}

GSD-2019-15704

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-15704

Aliases

CVE-2019-15704

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-15704",
    "description": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.",
    "id": "GSD-2019-15704"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-15704"
      ],
      "details": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.",
      "id": "GSD-2019-15704",
      "modified": "2023-12-13T01:23:38.784975Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2019-15704",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiClient for Mac OS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiClient for Mac OS 6.2.0"
                        },
                        {
                          "version_value": "6.0.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-19-227",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-19-227"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.7",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:6.2.0:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-15704"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-227",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-227"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-11-21T15:15Z"
    }
  }
}

FKIE_CVE-2019-15704

Vulnerability from fkie_nvd - Published: 2019-11-21 15:15 - Updated: 2024-11-21 04:29

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-19-227	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-19-227	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	forticlient	*
	fortinet	forticlient	6.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "EA130446-C10F-4401-9870-77CA235152F0",
              "versionEndIncluding": "6.0.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:6.2.0:*:*:*:*:macos:*:*",
              "matchCriteriaId": "ABA08CE1-70EE-455E-85C5-49EE2E30D751",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de almacenamiento informaci\u00f3n confidencial en texto sin cifrar en FortiClient para Mac, puede permitir a un atacante local leer informaci\u00f3n confidencial registrada en la ventana de la consola cuando el usuario se conecta a un SSL VPN Gateway."
    }
  ],
  "id": "CVE-2019-15704",
  "lastModified": "2024-11-21T04:29:17.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-21T15:15:13.823",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-19-227"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201911-1309

Vulnerability from variot - Updated: 2023-12-18 14:04

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. FortiClient Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There are security vulnerabilities in Fortinet FortiClient 6.2.0 and earlier versions and 6.0.7 and earlier versions based on the Mac OS platform. The vulnerability stems from the fact that the program stores sensitive information in plain text

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1309",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forticlient",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.7"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "forticlient",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "(mac)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.7",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:forticlient:6.2.0:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      }
    ]
  },
  "cve": "CVE-2019-15704",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-15704",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-147777",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-15704",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-15704",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-490",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-147777",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. FortiClient Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There are security vulnerabilities in Fortinet FortiClient 6.2.0 and earlier versions and 6.0.7 and earlier versions based on the Mac OS platform. The vulnerability stems from the fact that the program stores sensitive information in plain text",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-15704",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4235",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-147777",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "id": "VAR-201911-1309",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:04:54.342000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-227",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-19-227"
      },
      {
        "title": "Fortinet FortiClient Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103684"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-19-227"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15704"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15704"
      },
      {
        "trust": 0.6,
        "url": "https://fortiguard.com/psirt/fg-ir-19-227"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4235/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/forticlient-for-mac-os-information-disclosure-via-console-window-clear-text-password-30821"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "date": "2019-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "date": "2019-11-21T15:15:13.823000",
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "date": "2019-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-147777"
      },
      {
        "date": "2019-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-15704"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiClient Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012331"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-490"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-41426

Vulnerability from cnvd - Published: 2019-11-20

Title

Fortinet FortiClient信息泄露漏洞

Description

Fortinet FortiClient是美国飞塔（Fortinet）公司的一套移动终端安全解决方案。该方案与FortiGate防火墙设备连接时可提供IPsec和SSL加密、广域网优化、终端合规和双因子认证等功能。基于Mac OS平台的Fortinet FortiClient 6.2.0及之前版本和6.0.7及之前版本中存在信息泄露漏洞，该漏洞源于程序将敏感信息存储为明文形式，本地攻击者可利用该漏洞获取敏感信息。

Severity

低

Patch Name

Fortinet FortiClient信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://fortiguard.com/psirt/FG-IR-19-227

Reference

https://vigilance.fr/vulnerability/FortiClient-for-Mac-OS-information-disclosure-via-Console-Window-Clear-Text-Password-30821

Impacted products

Name
['Fortinet FortiClient for Mac OS <=6.2.0', 'Fortinet FortiClient for Mac OS <=6.0.7']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15704"
    }
  },
  "description": "Fortinet FortiClient\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e0eFortiGate\u9632\u706b\u5899\u8bbe\u5907\u8fde\u63a5\u65f6\u53ef\u63d0\u4f9bIPsec\u548cSSL\u52a0\u5bc6\u3001\u5e7f\u57df\u7f51\u4f18\u5316\u3001\u7ec8\u7aef\u5408\u89c4\u548c\u53cc\u56e0\u5b50\u8ba4\u8bc1\u7b49\u529f\u80fd\u3002\n\n\u57fa\u4e8eMac OS\u5e73\u53f0\u7684Fortinet FortiClient 6.2.0\u53ca\u4e4b\u524d\u7248\u672c\u548c6.0.7\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u4e3a\u660e\u6587\u5f62\u5f0f\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-19-227",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41426",
  "openTime": "2019-11-20",
  "patchDescription": "Fortinet FortiClient\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e0eFortiGate\u9632\u706b\u5899\u8bbe\u5907\u8fde\u63a5\u65f6\u53ef\u63d0\u4f9bIPsec\u548cSSL\u52a0\u5bc6\u3001\u5e7f\u57df\u7f51\u4f18\u5316\u3001\u7ec8\u7aef\u5408\u89c4\u548c\u53cc\u56e0\u5b50\u8ba4\u8bc1\u7b49\u529f\u80fd\u3002\r\n\r\n\u57fa\u4e8eMac OS\u5e73\u53f0\u7684Fortinet FortiClient 6.2.0\u53ca\u4e4b\u524d\u7248\u672c\u548c6.0.7\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u4e3a\u660e\u6587\u5f62\u5f0f\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiClient\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiClient for Mac OS \u003c=6.2.0",
      "Fortinet FortiClient for Mac OS \u003c=6.0.7"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/FortiClient-for-Mac-OS-information-disclosure-via-Console-Window-Clear-Text-Password-30821",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-11",
  "title": "Fortinet FortiClient\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-15704 (GCVE-0-2019-15704)

GHSA-2W2X-7266-2C97

CERTFR-2019-AVI-549

Solution

CERTFR-2019-AVI-549

Solution

GSD-2019-15704

FKIE_CVE-2019-15704

VAR-201911-1309

CNVD-2019-41426

Tags

Sightings

Nomenclature