Search...

CVE-2019-5585

2019-04-09T21:29:00

ID CVE-2019-5585
Type cve
Reporter cve@mitre.org
Modified 2019-04-10T20:42:00

Description

An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-5585", "bulletinFamily": "NVD", "title": "CVE-2019-5585", "description": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.", "published": "2019-04-09T21:29:00", "modified": "2019-04-10T20:42:00", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5585", "reporter": "cve@mitre.org", "references": ["https://fortiguard.com/advisory/FG-IR-19-003", "http://www.securityfocus.com/bid/107693"], "cvelist": ["CVE-2019-5585"], "type": "cve", "lastseen": "2019-05-29T18:23:39", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "bde20e4c3fe200190ba4f9276b83fbaa"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "86b0acc94271f1624558fe2dd9806e23"}, {"key": "cpe23", "hash": "e5c050b9b00fe7421276949625bc8e12"}, {"key": "cvelist", "hash": "09663daca0c825a603a1b7d814a84942"}, {"key": "cvss", "hash": "02d4c4df2da8d4dc5d2f0cbb74f008ea"}, {"key": "cvss2", "hash": "57d1c384a3bb1be55ee044a623d9e041"}, {"key": "cvss3", "hash": "16c32547962647a803c372eb1f792506"}, {"key": "cwe", "hash": "bf65bed5ef164b420c3766cd1a3b85a5"}, {"key": "description", "hash": "09ade162196f5541ac394ed0578b0144"}, {"key": "href", "hash": "68cff39260671cf62544d370c8b11de1"}, {"key": "modified", "hash": "1a2535eb1b14134a64de4ad0f42f9ea0"}, {"key": "published", "hash": "e38b6affb8db7e1b31d1776d3f2160db"}, {"key": "references", "hash": "04c2959a332b3d63d46610d434e45740"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "37dcb347db440b1458c9dc685294f153"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c236dc8715223b9340c0c2ff11e4764c62d4419423035afd8edb0a3afd5ae50f", "viewCount": 0, "enchantments": {"score": {"value": 4.4, "vector": "NONE", "modified": "2019-05-29T18:23:39"}, "dependencies": {"references": [{"type": "nessus", "idList": ["MACOS_FORTICLIENT_6_0_5.NASL"]}], "modified": "2019-05-29T18:23:39"}, "vulnersScore": 4.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:forticlient:forticlient:6.0.1", "cpe:/a:forticlient:forticlient:6.0.4", "cpe:/a:forticlient:forticlient:6.0.3", "cpe:/a:forticlient:forticlient:6.0.2"], "affectedSoftware": [{"name": "forticlient forticlient", "operator": "eq", "version": "6.0.3"}, {"name": "forticlient forticlient", "operator": "eq", "version": "6.0.2"}, {"name": "forticlient forticlient", "operator": "eq", "version": "6.0.1"}, {"name": "forticlient forticlient", "operator": "eq", "version": "6.0.4"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, "cpe23": ["cpe:2.3:a:forticlient:forticlient:6.0.1:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.2:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.4:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.3:*:*:*:*:mac_os_x:*:*"], "cwe": ["CWE-284"]}

{"nessus": [{"lastseen": "2020-01-01T00:02:46", "bulletinFamily": "scanner", "description": "The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application", "modified": "2020-01-02T00:00:00", "id": "MACOS_FORTICLIENT_6_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/124020", "published": "2019-04-12T00:00:00", "title": "Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124020);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\"CVE-2019-5585\");\n script_bugtraq_id(107693);\n\n script_name(english:\"Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)\");\n script_summary(english:\"Checks the version of FortiClient.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote MacOS is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application's performance via modifying\nthe content of a file used by several FortiClientMac processes.\");\n # https://fortiguard.com/psirt/FG-IR-19-003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87550a3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Fortinet FortiClient 6.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5585\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:forticlient\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macos_forticlient_detect.nbin\");\n script_require_keys(\"installed_sw/FortiClient (macOS)\", \"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/MacOSX/Version')) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nget_kb_item_or_exit('installed_sw/FortiClient (macOS)');\napp_info = vcf::get_app_info(app:'FortiClient (macOS)');\n\nconstraints = [\n {'min_version' : '6.0.1', 'fixed_version' : '6.0.5'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}]}