Fortinet FortiClient < 6.2.2 Information Disclosure MitM (FG-IR-18-100) (macOS)
Severity: Medium
Nessus Plugin ID: 131284

Synopsis
The remote macOS host is affected by an information disclosure vulnerability.

Description
The remote macOS host is running a version of Fortinet FortiClient prior to 6.2.2. It is, therefore, affected by an information disclosure vulnerability in the FortiGuard services communication protocol, exploitable from a man-in-the-middle position, due to the use of a hardcoded cryptographic key. A remote attacker with knowledge of the hardcoded key can exploit this over the network to eavesdrop on and modify information sent to and received from FortiGuard servers.

Solution
Upgrade to Fortinet FortiClient 6.2.2 or later.