ID CVE-2019-5585 Type cve Reporter cve@mitre.org Modified 2020-08-24T17:37:00
Description
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.
{"nessus": [{"lastseen": "2021-01-01T03:22:36", "description": "The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application's performance via modifying\nthe content of a file used by several FortiClientMac processes.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-04-12T00:00:00", "title": "Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5585"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:fortinet:forticlient"], "id": "MACOS_FORTICLIENT_6_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/124020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124020);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\"CVE-2019-5585\");\n script_bugtraq_id(107693);\n\n script_name(english:\"Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)\");\n script_summary(english:\"Checks the version of FortiClient.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote MacOS is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application's performance via modifying\nthe content of a file used by several FortiClientMac processes.\");\n # https://fortiguard.com/psirt/FG-IR-19-003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87550a3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Fortinet FortiClient 6.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5585\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:forticlient\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macos_forticlient_detect.nbin\");\n script_require_keys(\"installed_sw/FortiClient (macOS)\", \"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/MacOSX/Version')) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nget_kb_item_or_exit('installed_sw/FortiClient (macOS)');\napp_info = vcf::get_app_info(app:'FortiClient (macOS)');\n\nconstraints = [\n {'min_version' : '6.0.1', 'fixed_version' : '6.0.5'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}]}