CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.1%

CVSS Severity

CVSS v2 Score 5.0

References

http://seclists.org/fulldisclosure/2015/Jan/124
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
http://www.securityfocus.com/bid/72383
http://seclists.org/fulldisclosure/2015/Jan/124
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
http://www.securityfocus.com/bid/72383

Products affected by CVE-2015-1453

Fortinet » Forticlient » Version: 5.0

cpe:2.3:a:fortinet:forticlient:5.0
Fortinet » Forticlient » Version: 5.2.3.091

cpe:2.3:a:fortinet:forticlient:5.2.3.091

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1453

Products

Pricing

Contact Us