CVE-2017-17543: Weak Encryption
First published: Thu Apr 26 2018(Updated: )
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiClient Windows | <=5.6.0 | |
| Fortinet Forticlient | <=5.6.0 | |
| Fortinet Forticlient Sslvpn Client | <=4.4.2335 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-17543?
CVE-2017-17543 is a vulnerability in Fortinet FortiClient for Windows, Mac OSX, and Linux that allows for unsafely encrypted VPN authentication credentials.
Which versions of Fortinet FortiClient are affected by CVE-2017-17543?
Fortinet FortiClient for Windows versions up to and including 5.6.0, FortiClient for Mac OSX versions up to and including 5.6.0, and FortiClient SSLVPN Client for Linux versions up to and including 4.4.2335 are affected by CVE-2017-17543.
What is the severity of CVE-2017-17543?
CVE-2017-17543 has a severity rating of 7.5, which is considered high.
How are users' VPN authentication credentials unsafely encrypted in Fortinet FortiClient?
Users' VPN authentication credentials in Fortinet FortiClient are unsafely encrypted due to the use of a static encryption key and weak encryption methods.
Is there a fix available for CVE-2017-17543?
Yes, Fortinet has released fixes and patches for the affected versions of FortiClient. It is recommended to update to the latest version to mitigate this vulnerability.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- vendor/fortinet
- canonical/fortinet forticlient windows
- version/fortinet forticlient windows/5.6.0
- canonical/fortinet forticlient
- version/fortinet forticlient/5.6.0
- canonical/fortinet forticlient sslvpn client
- version/fortinet forticlient sslvpn client/4.4.2335