Lucene search

[email protected]CVE-2017-7344

HistoryDec 14, 2017 - 6:29 p.m.

CVE-2017-7344

2017-12-1418:29:00

[email protected]

web.nvd.nist.gov

cve-2017-7344

fortinet

forticlient

privilege escalation

windows

vpn

security alert

certificate chain

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.6%

JSON

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows “security alert” dialog thereby popping up when the “VPN before logon” feature is enabled and an untrusted certificate chain.

Affected configurations

NVD

Node

fortinetforticlientRange≤5.4.3windows

fortinetforticlientMatch5.6.0windows

CPENameOperatorVersion
fortinet:forticlientfortinet forticlientle5.4.3
fortinet:forticlientfortinet forticlienteq5.6.0

CPE	Name	Operator	Version
fortinet:forticlient	fortinet forticlient	le	5.4.3
fortinet:forticlient	fortinet forticlient	eq	5.6.0

CNA Affected

[
  {
    "product": "FortiClientWindows",
    "vendor": "Fortinet, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102176

fortiguard.com/advisory/FG-IR-17-070

securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2017-7344

fortinet1 nvd1 cvelist1 prion1