Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet forticlient vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-6692
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged malicious user to perform arbitrary code execution via forging that DLL.
Fortinet Forticlient
7.8
CVSSv3
CVE-2019-5589
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version prior to 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading...
Fortinet Forticlient
NA
CVE-2015-4077
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient prior to 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
Fortinet Forticlient
1 EDB exploit
7.8
CVSSv3
CVE-2021-41031
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged malicious user to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.
Fortinet Forticlient
7.8
CVSSv3
CVE-2020-9291
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
Fortinet Forticlient
7.8
CVSSv3
CVE-2021-26089
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
Fortinet Forticlient
7.8
CVSSv3
CVE-2022-42470
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an malicious user to execute unauthorized code or commands via sending a crafted request to a specific named pipe.
Fortinet Forticlient
7.1
CVSSv3
CVE-2022-26113
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.7, 6.2.0 up to and including 6.2.9, 6.0.0 up to and including 6.0.10 may allow a local malicious user to perform an arbitrary file...
Fortinet Forticlient
7.8
CVSSv3
CVE-2021-36183
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged malicious user to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
Fortinet Forticlient
NA
CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for malicious users to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
Fortinet Forticlient
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »