cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-40592,https://securityvulnerability.io/vulnerability/CVE-2024-40592,Improper Cryptographic Signature Verification in FortiClient for macOS,"A vulnerability in FortiClient for macOS allows local authenticated attackers to exploit an improper verification of cryptographic signatures. This occurs due to a race condition during installation, which could lead to the replacement of the legitimate installer with a malicious package, potentially jeopardizing user security.",Fortinet,Forticlient,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2024-36507,https://securityvulnerability.io/vulnerability/CVE-2024-36507,DLL Hijacking Vulnerability in Fortinet FortiClient Windows,"The DLL hijacking vulnerability in Fortinet FortiClient for Windows arises from an untrusted search path in specific versions of the software. This flaw can be exploited by attackers to execute arbitrary code on the system. Successful exploitation necessitates social engineering techniques, which may lure users into initiating a malicious application. Users of FortiClient Windows versions 7.4.0, 7.2.4, 7.2.0, 7.0.12, and 7.0.0 are at risk and should take appropriate measures to secure their systems.",Fortinet,Forticlient,7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2024-36513,https://securityvulnerability.io/vulnerability/CVE-2024-36513,Privilege Escalation Vulnerability in FortiClient Windows by Fortinet,"A privilege context switching error vulnerability exists in FortiClient Windows that allows an authenticated user to escalate their privileges. This vulnerability arises from the exploitation of lua auto patch scripts, which can lead to unauthorized access and manipulation of the system. The affected versions include FortiClient Windows 7.2.4 and earlier, 7.0.12 and earlier, and all versions of 6.4. It's crucial for users of these versions to be aware of this vulnerability and take appropriate measures to mitigate potential risks.",Fortinet,Forticlient,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,,"An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2019-16150,https://securityvulnerability.io/vulnerability/CVE-2019-16150,,Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.,Fortinet,Fortinet Forticlient For Windows,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-06-04T12:27:29.000Z,0
CVE-2020-9291,https://securityvulnerability.io/vulnerability/CVE-2020-9291,,An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.,Fortinet,Fortinet Forticlient For Windows,6.3,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2020-06-01T18:39:42.000Z,0
CVE-2020-9287,https://securityvulnerability.io/vulnerability/CVE-2020-9287,,An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.,Fortinet,Fortinet Forticlient Ems,7.8,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2020-03-15T21:56:00.000Z,0
CVE-2020-9290,https://securityvulnerability.io/vulnerability/CVE-2020-9290,,An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.,Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2020-03-15T21:52:05.000Z,0
CVE-2019-17650,https://securityvulnerability.io/vulnerability/CVE-2019-17650,,"An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.",Fortinet,Forticlient For Mac Os,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-11-21T15:03:58.000Z,0
CVE-2018-9195,https://securityvulnerability.io/vulnerability/CVE-2018-9195,,"Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.",Fortinet,"Forticlient For Windows,FortiOS,Forticlient For Mac Os",5.9,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2019-11-21T14:59:52.000Z,0
CVE-2019-15704,https://securityvulnerability.io/vulnerability/CVE-2019-15704,,A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.,Fortinet,Forticlient For Mac Os,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2019-11-21T14:53:57.000Z,0
CVE-2019-6692,https://securityvulnerability.io/vulnerability/CVE-2019-6692,,A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.,Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2019-10-24T13:46:16.000Z,0
CVE-2018-9193,https://securityvulnerability.io/vulnerability/CVE-2018-9193,,A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file.,Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2019-05-30T16:27:54.000Z,0
CVE-2018-13368,https://securityvulnerability.io/vulnerability/CVE-2018-13368,,A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.,Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-05-30T16:27:34.000Z,0
CVE-2018-9191,https://securityvulnerability.io/vulnerability/CVE-2018-9191,,A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.,Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-05-30T16:27:18.000Z,0
CVE-2019-5589,https://securityvulnerability.io/vulnerability/CVE-2019-5589,,"An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.002300000051036477,false,false,false,false,,false,false,2019-05-28T21:42:19.000Z,0
CVE-2017-17543,https://securityvulnerability.io/vulnerability/CVE-2017-17543,,"Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2018-04-26T20:29:00.000Z,0
CVE-2017-14184,https://securityvulnerability.io/vulnerability/CVE-2017-14184,,"An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",8.8,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2017-12-15T21:29:00.000Z,0
CVE-2016-8493,https://securityvulnerability.io/vulnerability/CVE-2016-8493,,"In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.",Fortinet,Fortinet Forticlient,8.8,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2017-06-26T17:00:00.000Z,0
CVE-2015-7362,https://securityvulnerability.io/vulnerability/CVE-2015-7362,,"Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.",Fortinet,Forticlient,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2016-01-08T19:00:00.000Z,0
CVE-2015-5736,https://securityvulnerability.io/vulnerability/CVE-2015-5736,,The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.,Fortinet,Forticlient,,,0.0006099999882280827,false,false,false,false,,false,false,2015-09-03T14:00:00.000Z,0
CVE-2015-5737,https://securityvulnerability.io/vulnerability/CVE-2015-5737,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,false,false,false,,false,false,2015-09-03T14:00:00.000Z,0
CVE-2015-5735,https://securityvulnerability.io/vulnerability/CVE-2015-5735,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,false,false,false,,false,false,2015-09-03T14:00:00.000Z,0
CVE-2015-4077,https://securityvulnerability.io/vulnerability/CVE-2015-4077,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,false,false,false,,false,false,2015-09-03T14:00:00.000Z,0
CVE-2015-1569,https://securityvulnerability.io/vulnerability/CVE-2015-1569,,"Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.",Fortinet,Forticlient,,,0.000590000010561198,false,false,false,false,,false,false,2015-02-10T20:59:00.000Z,0