CVE-2017-17543
 
Severity Score: 7.5 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Attend (SSVC)
Descriptions
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
Credits: N/A
SSVC
- Decision: Attend
Timeline
- 2017-12-11 CVE Reserved
- 2018-04-26 CVE Published
- 2024-09-17 EPSS Updated
- 2024-10-25 CVE Updated
CWE
- CWE-326: Inadequate Encryption Strength
References (1)
URL | Tag | Source |
---|---|---|
https://fortiguard.com/advisory/FG-IR-17-214 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Fortinet | Forticlient | <= 5.6.0 | windows | Affected
Fortinet | Forticlient | <= 5.6.0 | macos | Affected
Fortinet | Forticlient Sslvpn Client | <= 4.4.2335 | linux | Affected