Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet forticlient vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-5589
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version prior to 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading...
Fortinet Forticlient
9
CVSSv2
CVE-2016-8493
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
Fortinet Forticlient 5.4.2
Fortinet Forticlient 5.4.1
7.9
CVSSv2
CVE-2021-22127
An improper input validation vulnerability in FortiClient for Linux 6.4.x prior to 6.4.3, FortiClient for Linux 6.2.x prior to 6.2.9 may allow an unauthenticated malicious user to execute arbitrary code on the host operating system as root via tricking the user into connecting to...
Fortinet Forticlient
7.8
CVSSv2
CVE-2005-4570
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote malicious users to cause a denial of service (termination of a process that is automatically restarted) via IKE packets...
7.6
CVSSv2
CVE-2017-7344
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and previous versions as well as 5.6.0 allows malicious user to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and...
Fortinet Forticlient 5.6.0
Fortinet Forticlient
7.5
CVSSv2
CVE-2021-24019
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via o...
Fortinet Forticlient Endpoint Management Server
7.5
CVSSv2
CVE-2019-17658
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an malicious user to gain elevated privileges via the FortiClientConsole executable service path.
Fortinet Forticlient
1 Github repository
7.2
CVSSv2
CVE-2021-36183
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged malicious user to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
Fortinet Forticlient
7.2
CVSSv2
CVE-2021-26089
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
Fortinet Forticlient
7.2
CVSSv2
CVE-2019-15711
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
Fortinet Forticlient
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »