What is CVE-2017-17543?

CVE-2017-17543 is a vulnerability in Fortinet FortiClient for Windows, Mac OSX, and Linux that allows for unsafely encrypted VPN authentication credentials.

Which versions of Fortinet FortiClient are affected by CVE-2017-17543?

Fortinet FortiClient for Windows versions up to and including 5.6.0, FortiClient for Mac OSX versions up to and including 5.6.0, and FortiClient SSLVPN Client for Linux versions up to and including 4.4.2335 are affected by CVE-2017-17543.

What is the severity of CVE-2017-17543?

CVE-2017-17543 has a severity rating of 7.5, which is considered high.

How are users' VPN authentication credentials unsafely encrypted in Fortinet FortiClient?

Users' VPN authentication credentials in Fortinet FortiClient are unsafely encrypted due to the use of a static encryption key and weak encryption methods.

Is there a fix available for CVE-2017-17543?

Yes, Fortinet has released fixes and patches for the affected versions of FortiClient. It is recommended to update to the latest version to mitigate this vulnerability.

Vulnerability/
CVE-2017-17543

high

7.5

CWE

326

26/4/2018

25/10/2024

CVE-2017-17543: Weak Encryption

First published: Thu Apr 26 2018(Updated: )

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiClient Windows	<=5.6.0
Fortinet Forticlient	<=5.6.0
Fortinet Forticlient Sslvpn Client	<=4.4.2335

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/advisory/FG-IR-17-214

Frequently Asked Questions

What is CVE-2017-17543?
CVE-2017-17543 is a vulnerability in Fortinet FortiClient for Windows, Mac OSX, and Linux that allows for unsafely encrypted VPN authentication credentials.
Which versions of Fortinet FortiClient are affected by CVE-2017-17543?
Fortinet FortiClient for Windows versions up to and including 5.6.0, FortiClient for Mac OSX versions up to and including 5.6.0, and FortiClient SSLVPN Client for Linux versions up to and including 4.4.2335 are affected by CVE-2017-17543.
What is the severity of CVE-2017-17543?
CVE-2017-17543 has a severity rating of 7.5, which is considered high.
How are users' VPN authentication credentials unsafely encrypted in Fortinet FortiClient?
Users' VPN authentication credentials in Fortinet FortiClient are unsafely encrypted due to the use of a static encryption key and weak encryption methods.
Is there a fix available for CVE-2017-17543?
Yes, Fortinet has released fixes and patches for the affected versions of FortiClient. It is recommended to update to the latest version to mitigate this vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/event
agent/tags
agent/first-publish-date
vendor/fortinet
canonical/fortinet forticlient windows
version/fortinet forticlient windows/5.6.0
canonical/fortinet forticlient
version/fortinet forticlient/5.6.0
canonical/fortinet forticlient sslvpn client
version/fortinet forticlient sslvpn client/4.4.2335

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.