Note: This project will be discontinued after December 13, 2021.
Product: Forticlient (Fortinet)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 68 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-01-14 | CVE-2024-50564 | A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named pipe. | Forticlient | 3.3 | ||
2024-04-10 | CVE-2024-31492 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | Forticlient | 7.8 | ||
2024-11-13 | CVE-2024-47574 | An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privileged attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | Forticlient | 7.8 | ||
2024-12-19 | CVE-2020-15934 | An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0 may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine. | Forticlient | 7.8 | ||
2024-04-09 | CVE-2023-45590 | An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website. | Forticlient | 8.8 | ||
2024-05-06 | CVE-2024-3661 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | Anyconnect_vpn_client, Secure_client, Secure_access_client, Big-Ip_access_policy_manager, Forticlient, Globalprotect, Ipsec_mobile_vpn_client, Mobile_vpn_with_ssl, Client_connector | 7.6 | ||
2020-03-15 | CVE-2020-9290 | An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | Forticlient, Forticlient_virtual_private_network | 7.8 | ||
2020-06-01 | CVE-2020-9291 | An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | Forticlient | 7.8 | ||
2021-07-12 | CVE-2021-26089 | An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase. | Forticlient | 7.8 | ||
2021-11-02 | CVE-2021-36183 | An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | Forticlient | 7.8 |