{"containers": {"cna": {"affected": [{"product": "FortiClient for Windows", "vendor": "Fortinet, Inc.", "versions": [{"status": "affected", "version": "5.6.0 and below versions"}]}, {"product": "FortiClient for Mac OSX", "vendor": "Fortinet, Inc.", "versions": [{"status": "affected", "version": "5.6.0 and below versions"}]}, {"product": "FortiClient SSLVPN Client for Linux", "vendor": "Fortinet, Inc.", "versions": [{"status": "affected", "version": "4.4.2335 and below versions"}]}], "datePublic": "2017-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-02T15:27:54", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-17-214"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "DATE_PUBLIC": "2017-12-07T00:00:00", "ID": "CVE-2017-17543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FortiClient for Windows", "version": {"version_data": [{"version_value": "5.6.0 and below versions"}]}}, {"product_name": "FortiClient for Mac OSX", "version": {"version_data": [{"version_value": "5.6.0 and below versions"}]}}, {"product_name": "FortiClient SSLVPN Client for Linux", "version": {"version_data": [{"version_value": "4.4.2335 and below versions"}]}}]}, "vendor_name": "Fortinet, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-17-214", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-17-214"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:32.155Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-17-214"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:10:01.644124Z", "id": "CVE-2017-17543", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:32:33.452Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2017-17543", "datePublished": "2018-04-26T20:00:00Z", "dateReserved": "2017-12-11T00:00:00", "dateUpdated": "2024-10-25T14:32:33.452Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-17-214", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:32.155Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-17543", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T20:10:01.644124Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:18:28.000Z"}}], "cna": {"affected": [{"vendor": "Fortinet, Inc.", "product": "FortiClient for Windows", "versions": [{"status": "affected", "version": "5.6.0 and below versions"}]}, {"vendor": "Fortinet, Inc.", "product": "FortiClient for Mac OSX", "versions": [{"status": "affected", "version": "5.6.0 and below versions"}]}, {"vendor": "Fortinet, Inc.", "product": "FortiClient SSLVPN Client for Linux", "versions": [{"status": "affected", "version": "4.4.2335 and below versions"}]}], "datePublic": "2017-12-07T00:00:00", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-17-214", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-05-02T15:27:54"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "5.6.0 and below versions"}]}, "product_name": "FortiClient for Windows"}, {"version": {"version_data": [{"version_value": "5.6.0 and below versions"}]}, "product_name": "FortiClient for Mac OSX"}, {"version": {"version_data": [{"version_value": "4.4.2335 and below versions"}]}, "product_name": "FortiClient SSLVPN Client for Linux"}]}, "vendor_name": "Fortinet, Inc."}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-17-214", "name": "https://fortiguard.com/advisory/FG-IR-17-214", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-17543", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com", "DATE_PUBLIC": "2017-12-07T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2017-17543", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:32:33.452Z", "dateReserved": "2017-12-11T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2018-04-26T20:00:00Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "matchCriteriaId": "05C9130B-9139-407F-B6F9-9B64A8B830D6", "versionEndIncluding": "5.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "matchCriteriaId": "6DA8975F-A2E7-47D2-83BA-6990673124BC", "versionEndIncluding": "5.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient_sslvpn_client:*:*:*:*:*:linux:*:*", "matchCriteriaId": "B0DB26D0-44AA-4958-A926-B6BDCAA9402A", "versionEndIncluding": "4.4.2335", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms."}, {"lang": "es", "value": "Las credenciales de autenticaci\u00f3n de VPN de los usuarios se cifran de manera no segura en Fortinet FortiClient para Windows en versiones 5.6.0 y anteriores, FortiClient para Mac OSX en versiones 5.6.0 y anteriores y FortiClient SSLVPN Client para Linux en versiones 4.4.2335 y anteriores, debido a la uso de una clave de cifrado est\u00e1tico y algoritmos de cifrado d\u00e9biles."}], "id": "CVE-2017-17543", "lastModified": "2024-11-21T03:18:08.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-26T20:29:00.243", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.com/advisory/FG-IR-17-214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://fortiguard.com/advisory/FG-IR-17-214"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}