Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Forticlient
(Fortinet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 62 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-12 | CVE-2019-17658 | An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | Forticlient | 9.8 | ||
| 2019-05-30 | CVE-2018-13368 | A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | Forticlient | 7.8 | ||
| 2020-06-04 | CVE-2019-16150 | Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | Forticlient | N/A | ||
| 2018-04-26 | CVE-2017-17543 | Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | Forticlient, Forticlient_sslvpn_client | 7.5 | ||
| 2017-12-15 | CVE-2017-14184 | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | Forticlient, Forticlient_sslvpn_client | 8.8 | ||
| 2020-02-06 | CVE-2019-17652 | A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | Forticlient | N/A | ||
| 2020-02-07 | CVE-2019-16155 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | Forticlient | N/A | ||
| 2020-02-06 | CVE-2019-16152 | A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | Forticlient | N/A | ||
| 2020-02-06 | CVE-2019-15711 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | Forticlient | N/A | ||
| 2019-11-21 | CVE-2019-17650 | An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | Forticlient | N/A |