Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)

medium Nessus Plugin ID 124020

Synopsis

The remote macOS host is affected by a denial of service vulnerability.

Description

The version of Fortinet FortiClient Mac running on the remote host is prior to 6.0.5. It is, therefore, affected by a denial of service (DoS) vulnerability. An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance by modifying the content of a file used by several FortiClientMac processes.

Solution

Upgrade to Fortinet FortiClient 6.0.5 or later.

See Also

http://www.nessus.org/u?87550a3c

Plugin Details

Severity: Medium

ID: 124020

File Name: macos_forticlient_6_0_5.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 4/12/2019

Updated: 10/30/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2019-5585

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:fortinet:forticlient

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/FortiClient (macOS)

Exploit Ease: No known exploits are available

Patch Publication Date: 1/31/2019

Vulnerability Publication Date: 4/2/2019

Reference Information

CVE: CVE-2019-5585

BID: 107693