CVE-2019-5585 - Vulnerability Details - OpenCVE

An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Forticlient	Forticlient

Configuration 1 [-]

OR	cpe:2.3:a:forticlient:forticlient:6.0.1:::::mac_os_x::
	cpe:2.3:a:forticlient:forticlient:6.0.2:::::mac_os_x::
	cpe:2.3:a:forticlient:forticlient:6.0.3:::::mac_os_x::
	cpe:2.3:a:forticlient:forticlient:6.0.4:::::mac_os_x::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107693
https://fortiguard.com/advisory/FG-IR-19-003

History

Sat, 26 Oct 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2019-04-09T20:57:14

Updated: 2024-10-25T14:07:15.479Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5585

Vulnrichment

Updated: 2024-08-04T20:01:51.942Z

NVD

Status : Modified

Published: 2019-04-09T21:29:03.707

Modified: 2024-11-21T04:45:10.730

Link: CVE-2019-5585

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FortiClientMac", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "6.0.4"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.1"}]}], "datePublic": "2019-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-09T20:57:14", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"name": "107693", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107693"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-19-003"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-5585", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FortiClientMac", "version": {"version_data": [{"version_value": "6.0.4"}, {"version_value": "6.0.3"}, {"version_value": "6.0.2"}, {"version_value": "6.0.1"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "107693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107693"}, {"name": "https://fortiguard.com/advisory/FG-IR-19-003", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-19-003"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.942Z"}, "title": "CVE Program Container", "references": [{"name": "107693", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107693"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-19-003"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:59:59.058259Z", "id": "CVE-2019-5585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:07:15.479Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-5585", "datePublished": "2019-04-09T20:57:14", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-10-25T14:07:15.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/107693", "name": "107693", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://fortiguard.com/advisory/FG-IR-19-003", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.942Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-5585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:59:59.058259Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:01:14.863Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientMac", "versions": [{"status": "affected", "version": "6.0.4"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.1"}]}], "datePublic": "2019-04-02T00:00:00", "references": [{"url": "http://www.securityfocus.com/bid/107693", "name": "107693", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://fortiguard.com/advisory/FG-IR-19-003", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Denial of service"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2019-04-09T20:57:14"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "6.0.4"}, {"version_value": "6.0.3"}, {"version_value": "6.0.2"}, {"version_value": "6.0.1"}]}, "product_name": "FortiClientMac"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/107693", "name": "107693", "refsource": "BID"}, {"url": "https://fortiguard.com/advisory/FG-IR-19-003", "name": "https://fortiguard.com/advisory/FG-IR-19-003", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-5585", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-5585", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:07:15.479Z", "dateReserved": "2019-01-07T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2019-04-09T20:57:14", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forticlient:forticlient:6.0.1:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "93DDC279-C998-4716-B0B8-A141C2B4178A", "vulnerable": true}, {"criteria": "cpe:2.3:a:forticlient:forticlient:6.0.2:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "4E703FAC-E315-46A7-8E00-12B583A3FC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:forticlient:forticlient:6.0.3:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "79584239-EA8F-4A17-839B-D0382BA45024", "vulnerable": true}, {"criteria": "cpe:2.3:a:forticlient:forticlient:6.0.4:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "821D145D-55DC-4E97-A76A-5BCEE32C5E77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiada en FortiClientMac anterior a la versi\u00f3n 6.0.5 puede permitir que un atacante afecte el rendimiento de la aplicaci\u00f3n por medio de la modificaci\u00f3n del contenido de un archivo utilizado por varios procesos de FortiClientMac."}], "id": "CVE-2019-5585", "lastModified": "2024-11-21T04:45:10.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T21:29:03.707", "references": [{"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107693"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-19-003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-19-003"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}