Search...

CVE-2019-5585

2019-04-09T21:29:00

ID CVE-2019-5585
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-5585", "bulletinFamily": "NVD", "title": "CVE-2019-5585", "description": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.", "published": "2019-04-09T21:29:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5585", "reporter": "cve@mitre.org", "references": ["https://fortiguard.com/advisory/FG-IR-19-003", "http://www.securityfocus.com/bid/107693"], "cvelist": ["CVE-2019-5585"], "type": "cve", "lastseen": "2020-10-03T13:38:55", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOS_FORTICLIENT_6_0_5.NASL"]}], "modified": "2020-10-03T13:38:55", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2020-10-03T13:38:55", "rev": 2}, "vulnersScore": 4.4}, "cpe": ["cpe:/a:forticlient:forticlient:6.0.1", "cpe:/a:forticlient:forticlient:6.0.4", "cpe:/a:forticlient:forticlient:6.0.3", "cpe:/a:forticlient:forticlient:6.0.2"], "affectedSoftware": [{"cpeName": "forticlient:forticlient", "name": "forticlient", "operator": "eq", "version": "6.0.3"}, {"cpeName": "forticlient:forticlient", "name": "forticlient", "operator": "eq", "version": "6.0.4"}, {"cpeName": "forticlient:forticlient", "name": "forticlient", "operator": "eq", "version": "6.0.1"}, {"cpeName": "forticlient:forticlient", "name": "forticlient", "operator": "eq", "version": "6.0.2"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, "cpe23": ["cpe:2.3:a:forticlient:forticlient:6.0.1:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.2:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.4:*:*:*:*:mac_os_x:*:*", "cpe:2.3:a:forticlient:forticlient:6.0.3:*:*:*:*:mac_os_x:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:forticlient:forticlient:6.0.1:*:*:*:*:mac_os_x:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:forticlient:forticlient:6.0.4:*:*:*:*:mac_os_x:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:forticlient:forticlient:6.0.3:*:*:*:*:mac_os_x:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:forticlient:forticlient:6.0.2:*:*:*:*:mac_os_x:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"nessus": [{"lastseen": "2021-01-01T03:22:36", "description": "The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application's performance via modifying\nthe content of a file used by several FortiClientMac processes.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-04-12T00:00:00", "title": "Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5585"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:fortinet:forticlient"], "id": "MACOS_FORTICLIENT_6_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/124020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124020);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\"CVE-2019-5585\");\n script_bugtraq_id(107693);\n\n script_name(english:\"Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)\");\n script_summary(english:\"Checks the version of FortiClient.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote MacOS is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Fortinet FortiClient Mac running on the remote host is\nprior to 6.0.5. It is, therefore, affected by a Denial of Service (DoS)\nvulnerability. An improper access control vulnerability in FortiClientMac\nmay allow an attacker to affect the application's performance via modifying\nthe content of a file used by several FortiClientMac processes.\");\n # https://fortiguard.com/psirt/FG-IR-19-003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87550a3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Fortinet FortiClient 6.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5585\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:forticlient\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macos_forticlient_detect.nbin\");\n script_require_keys(\"installed_sw/FortiClient (macOS)\", \"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/MacOSX/Version')) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nget_kb_item_or_exit('installed_sw/FortiClient (macOS)');\napp_info = vcf::get_app_info(app:'FortiClient (macOS)');\n\nconstraints = [\n {'min_version' : '6.0.1', 'fixed_version' : '6.0.5'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}]}