CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-22-235	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient::::::macos::*
	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient::::::macos::*
	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient::::::macos::*
	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient:7.2.0:::::linux::
	cpe:2.3:a:fortinet:forticlient:7.2.0:::::macos::
	cpe:2.3:a:fortinet:forticlient:7.2.0:::::windows::
	cpe:2.3:a:fortinet:forticlient:7.2.1:::::macos::

History

No history.

Information

Published : 2023-10-10 17:15

Updated : 2023-11-07 04:17

NVD link : CVE-2023-37939

Mitre link : CVE-2023-37939

CVE.ORG link : CVE-2023-37939

JSON object : View

Products Affected

fortinet

forticlient

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-37939", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-10-10T17:15:12.333", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-235", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en FortiClient para Windows 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, Linux 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas y Mac 7.2.0 a 7.2.1, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, pueden permitir que un atacante local autenticado sin privilegios administrativos recupere la lista de archivos o carpetas excluidas del an\u00e1lisis de malware."}], "lastModified": "2023-11-07T04:17:09.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "2F0755CA-2961-4F74-8044-761178AB0312", "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "6EE22D2E-DE73-47FE-91DE-4C4B8FDB4C0E", "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C5601CD7-A7CE-4FC5-A635-B20B415DC8C4", "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "16EB2BBF-5729-41B5-A093-36E4B2A2C90A", "versionEndIncluding": "6.4.9", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "525ECB5F-0FCE-4C9C-B939-66667367F573", "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4C015491-F83B-4569-B0BB-0877C1D89C66", "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "8F15899F-6A19-4FD6-B736-C42F377B2F90", "versionEndIncluding": "7.0.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "F1C94527-471A-40B2-9030-6243BAE86579", "versionEndIncluding": "7.0.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "8E16F30C-4167-462E-B67E-6B8A449CC591", "versionEndIncluding": "7.0.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "21028180-8FA9-43B3-AE71-D4967E7B7DE5"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CEC62C6E-AA05-4AE9-86C5-47D6763206AF"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "D1BD3792-2AE7-47F9-94E5-376C298EE437"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}