Details of VAR-201705-1347

ID

VAR-201705-1347

CVE

CVE-2016-8496

TITLE

Fortinet FortiClient SSLVPN CVE-2016-8496 Remote Code Execution Vulnerability

Trust: 0.3

sources: BID: 98738

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. Fortinet FortiClient SSLVPN is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to FortiClient SSLVPN with FortiOS 5.4.3 are vulnerable. Fortinet FortiClient SSL_VPN for Linux is a Linux-based VPN client from Fortinet for connecting to Fortinet devices. A security vulnerability exists in Fortinet FortiClient SSL_VPN for Linux. An attacker could use the FortiClient log file to exploit this vulnerability to overwrite arbitrary files

Trust: 1.26

sources: NVD: CVE-2016-8496 // BID: 98738 // VULHUB: VHN-97316

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.7.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.19	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.17	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.15	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.80	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.50	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.36	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.18	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.16	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.14	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.4.3	Trust: 0.3

sources: BID: 98738

THREAT TYPE

network

Trust: 0.3

sources: BID: 98738

TYPE

Unknown

Trust: 0.3

sources: BID: 98738

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8496	Trust: 1.4
db:	BID	id:	98738	Trust: 0.4
db:	VULHUB	id:	VHN-97316	Trust: 0.1

sources: VULHUB: VHN-97316 // BID: 98738 // NVD: CVE-2016-8496

REFERENCES

url:	http://www.fortinet.com/	Trust: 0.4
url:	https://fortiguard.com/psirt/fg-ir-16-069	Trust: 0.4

sources: VULHUB: VHN-97316 // BID: 98738

CREDITS

Grzegorz Wrobel of STMSolutions.

Trust: 0.3

sources: BID: 98738

SOURCES

db:	VULHUB	id:	VHN-97316
db:	BID	id:	98738
db:	NVD	id:	CVE-2016-8496

LAST UPDATE DATE

2023-12-18T13:29:19.212000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97316	date:	2017-06-27T00:00:00
db:	BID	id:	98738	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2016-8496	date:	2023-11-07T02:36:14.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97316	date:	2017-05-27T00:00:00
db:	BID	id:	98738	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2016-8496	date:	2017-05-27T00:29:00.613