Vulnerability Details : CVE-2023-37939
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
Products affected by CVE-2023-37939
- Fortinet » Forticlient » For Linux: versions from 6.4.0 (inclusive) up to 6.4.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
- Fortinet » Forticlient » For Linux: versions from 6.2.0 (inclusive) up to 6.2.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
- Fortinet » Forticlient » For Windows: versions from 6.4.0 (inclusive) up to 6.4.10 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
- Fortinet » Forticlient » For Macos: versions from 6.4.0 (inclusive) up to 6.4.10 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*
- Fortinet » Forticlient » For Macos: versions from 6.2.0 (inclusive) up to 6.2.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*
- Fortinet » Forticlient » For Windows: versions from 7.0.0 (inclusive) up to 7.0.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
- Fortinet » Forticlient » For Linux: versions from 7.0.0 (inclusive) up to 7.0.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
- Fortinet » Forticlient » For Windows: versions from 6.2.0 (inclusive) up to 6.2.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
- Fortinet » Forticlient » For Macos: versions from 7.0.0 (inclusive) up to 7.0.9 (inclusive); cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*
- cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*
- cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:macos:*:*
- cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*
- cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:macos:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37939
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~6% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-37939
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | Fortinet, Inc. | |
References for CVE-2023-37939
- https://fortiguard.com/psirt/FG-IR-22-235 (PSIRT Advisories | FortiGuard; Vendor Advisory)