cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47574,https://securityvulnerability.io/vulnerability/CVE-2024-47574,Low-privilege attacker can execute arbitrary code with high privileges via spoofed named pipe messages,"An authentication bypass vulnerability in Fortinet's FortiClient allows low-privilege attackers to execute arbitrary code by exploiting a weakness in the named pipe messaging system. This flaw affects multiple versions, providing avenues for potential unauthorized access and execution of malicious actions. Organizations using the impacted versions are advised to apply updates to safeguard against exploitation.",Fortinet,Forticlient,7.8,HIGH,0.0004299999854993075,false,,false,false,true,2024-11-14T22:22:13.000Z,,false,false,,2024-11-13T12:15:00.000Z,0
CVE-2024-36507,https://securityvulnerability.io/vulnerability/CVE-2024-36507,DLL Hijacking Vulnerability in Fortinet FortiClient Windows,"The DLL hijacking vulnerability in Fortinet FortiClient for Windows arises from an untrusted search path in specific versions of the software. This flaw can be exploited by attackers to execute arbitrary code on the system. Successful exploitation necessitates social engineering techniques, which may lure users into initiating a malicious application. Users of FortiClient Windows versions 7.4.0, 7.2.4, 7.2.0, 7.0.12, and 7.0.0 are at risk and should take appropriate measures to secure their systems.",Fortinet,Forticlient,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-40592,https://securityvulnerability.io/vulnerability/CVE-2024-40592,Improper Cryptographic Signature Verification in FortiClient for macOS,"A vulnerability in FortiClient for macOS allows local authenticated attackers to exploit an improper verification of cryptographic signatures. This occurs due to a race condition during installation, which could lead to the replacement of the legitimate installer with a malicious package, potentially jeopardizing user security.",Fortinet,Forticlient,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-36513,https://securityvulnerability.io/vulnerability/CVE-2024-36513,Privilege Escalation Vulnerability in FortiClient Windows by Fortinet,"A privilege context switching error vulnerability exists in FortiClient Windows that allows an authenticated user to escalate their privileges. This vulnerability arises from the exploitation of lua auto patch scripts, which can lead to unauthorized access and manipulation of the system. The affected versions include FortiClient Windows 7.2.4 and earlier, 7.0.12 and earlier, and all versions of 6.4. It's crucial for users of these versions to be aware of this vulnerability and take appropriate measures to mitigate potential risks.",Fortinet,Forticlient,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,"Insufficient Data Verification in Fortinet’s FortiClient, FortiMail, and FortiOS Products","Fortinet has identified a vulnerability within its FortiClient, FortiMail, and FortiOS products that stems from inadequate verification of data authenticity. This flaw can be exploited by attackers who manipulate MIME attachments by introducing junk and pad characters in base64 encoding. As a result, the affected AV engines, specifically versions 6.2.168 and below, and 6.4.274 and below, may be circumvented, allowing potential unauthorized actions and data breaches. Users are urged to review the impact of this vulnerability and take appropriate measures.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2019-16150,https://securityvulnerability.io/vulnerability/CVE-2019-16150,Hard-Coded Cryptographic Key Vulnerability in FortiClient for Windows,"The vulnerability pertains to the use of a hard-coded cryptographic key in FortiClient for Windows, versions prior to 6.4.0. This flaw allows an attacker with access to the local storage or the configuration backup file to decrypt sensitive security data. The hard-coded nature of the key raises significant concerns about the confidentiality of encrypted information, making it imperative for users to upgrade to a patched version to mitigate risks associated with unauthorized data access.",Fortinet,Fortinet Forticlient For Windows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-04T12:27:29.000Z,0
CVE-2020-9291,https://securityvulnerability.io/vulnerability/CVE-2020-9291,Insecure Temporary File Vulnerability in FortiClient for Windows,"An Insecure Temporary File vulnerability exists in FortiClient for Windows versions up to 6.2.1, which could allow a local user to exploit the system. By exhausting the pool of temporary file names through a symbolic link attack, the user may achieve elevated privileges, potentially compromising system integrity and security. Users of the affected versions are advised to apply patches and take preventative measures to secure their systems.",Fortinet,Fortinet Forticlient For Windows,6.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-01T18:39:42.000Z,0
CVE-2020-9287,https://securityvulnerability.io/vulnerability/CVE-2020-9287,Unsafe Search Path Vulnerability in FortiClient EMS by Fortinet,"An unsafe search path vulnerability allows a local attacker who controls the directory containing the FortiClientEMSOnlineInstaller.exe to introduce malicious Filter Library DLL files. This could lead to unauthorized arbitrary code execution on the targeted system, posing significant security risks.",Fortinet,Fortinet Forticlient Ems,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-15T21:56:00.000Z,0
CVE-2020-9290,https://securityvulnerability.io/vulnerability/CVE-2020-9290,Unsafe Search Path vulnerability in FortiClient for Windows by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient for Windows online installer, where a local attacker can leverage control over the installer directory to execute arbitrary code. By placing malicious Filter Library DLL files in the directory where the FortiClient installers reside (FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe), an attacker can compromise the system, leading to potential data breaches and system instability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-15T21:52:05.000Z,0
CVE-2019-17650,https://securityvulnerability.io/vulnerability/CVE-2019-17650,Command Injection Vulnerability in FortiClient for Mac OS by Fortinet,"A vulnerability exists in FortiClient for Mac OS that allows a local user to exploit improper neutralization of special elements used in commands. This leads to the potential execution of unauthorized code with root privileges by bypassing critical security checks, making systems running the FortiClient software susceptible to malicious activities.",Fortinet,Forticlient For Mac Os,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-11-21T15:03:58.000Z,0
CVE-2018-9195,https://securityvulnerability.io/vulnerability/CVE-2018-9195,Man-in-the-Middle Vulnerability in FortiGuard Services for Fortinet Products,"The vulnerability presents a risk due to the use of a hardcoded cryptographic key within the FortiGuard services communication protocol. This oversight allows attackers with knowledge of the key to launch a Man-in-the-Middle attack, enabling them to intercept, eavesdrop on, and potentially alter data transmitted between Fortinet products and FortiGuard servers. This includes modifications to URL/SPAM services in FortiOS versions 5.6 and 6.0, as well as URL rating functionalities in FortiClient. Immediate action is recommended to mitigate risks associated with unauthorized access to sensitive information.",Fortinet,"Forticlient For Windows,FortiOS,Forticlient For Mac Os",5.9,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2019-11-21T14:59:52.000Z,0
CVE-2019-15704,https://securityvulnerability.io/vulnerability/CVE-2019-15704,Sensitive Information Exposure in FortiClient for Mac,"FortiClient for Mac contains a vulnerability that permits local attackers to read sensitive data logged to the console window during the establishment of a connection to an SSL VPN Gateway. This may lead to unauthorized access to information stored in clear text, which poses a risk to user privacy and data security.",Fortinet,Forticlient For Mac Os,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-11-21T14:53:57.000Z,0
CVE-2019-6692,https://securityvulnerability.io/vulnerability/CVE-2019-6692,Malicious DLL Preload Vulnerability in Fortinet FortiClient for Windows,"A malicious DLL preload vulnerability exists in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code by forging a malicious DLL. This flaw impacts FortiClient versions 6.2.0 and earlier, posing significant security risks to systems running vulnerable versions.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2019-10-24T13:46:16.000Z,0
CVE-2018-9193,https://securityvulnerability.io/vulnerability/CVE-2018-9193,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability exists in Fortinet FortiClient for Windows versions 6.0.4 and earlier. This flaw allows an attacker to execute unauthorized code or commands by exploiting the improper parsing of specific files. Attackers with local access could leverage this vulnerability to gain elevated privileges, potentially compromising sensitive information or system integrity. It is essential for users to update their FortiClient applications to mitigate such risks.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-05-30T16:27:54.000Z,0
CVE-2018-13368,https://securityvulnerability.io/vulnerability/CVE-2018-13368,Local Privilege Escalation Vulnerability in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet FortiClient for Windows versions 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection techniques. This could lead to unauthorized access and manipulation of system resources, posing a significant security risk to affected installations. Proper patching and security measures are recommended to mitigate the risk associated with this vulnerability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:34.000Z,0
CVE-2018-9191,https://securityvulnerability.io/vulnerability/CVE-2018-9191,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet's FortiClient for Windows versions 6.0.4 and earlier can be leveraged by attackers to execute unauthorized commands or code. This occurs through a named pipe associated with the FortiClient update process, allowing exploitation if an attacker gains access to the affected system.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:18.000Z,0
CVE-2019-5589,https://securityvulnerability.io/vulnerability/CVE-2019-5589,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient Online Installer for Windows versions prior to 6.0.6. This flaw could be exploited by an unauthenticated remote attacker who has control over the directory containing FortiClientOnlineInstaller.exe, enabling them to execute arbitrary code on the affected system. The attacker can achieve this by uploading malicious .dll files into the installer's directory, leading to potential system compromise.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.002300000051036477,false,,false,false,false,,,false,false,,2019-05-28T21:42:19.000Z,0
CVE-2017-17543,https://securityvulnerability.io/vulnerability/CVE-2017-17543,,"Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2018-04-26T20:29:00.000Z,0
CVE-2017-14184,https://securityvulnerability.io/vulnerability/CVE-2017-14184,,"An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",8.8,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2017-12-15T21:29:00.000Z,0
CVE-2016-8493,https://securityvulnerability.io/vulnerability/CVE-2016-8493,,"In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.",Fortinet,Fortinet Forticlient,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2017-06-26T17:00:00.000Z,0
CVE-2015-7362,https://securityvulnerability.io/vulnerability/CVE-2015-7362,,"Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.",Fortinet,Forticlient,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-01-08T19:00:00.000Z,0
CVE-2015-5736,https://securityvulnerability.io/vulnerability/CVE-2015-5736,,The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.,Fortinet,Forticlient,,,0.0006099999882280827,false,,false,false,false,,,false,false,,2015-09-03T14:00:00.000Z,0
CVE-2015-5737,https://securityvulnerability.io/vulnerability/CVE-2015-5737,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-09-03T14:00:00.000Z,0
CVE-2015-5735,https://securityvulnerability.io/vulnerability/CVE-2015-5735,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-09-03T14:00:00.000Z,0
CVE-2015-4077,https://securityvulnerability.io/vulnerability/CVE-2015-4077,,"The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.",Fortinet,Forticlient,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-09-03T14:00:00.000Z,0