cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-16150,https://securityvulnerability.io/vulnerability/CVE-2019-16150,Hard-Coded Cryptographic Key Vulnerability in FortiClient for Windows,"The vulnerability pertains to the use of a hard-coded cryptographic key in FortiClient for Windows, versions prior to 6.4.0. This flaw allows an attacker with access to the local storage or the configuration backup file to decrypt sensitive security data. The hard-coded nature of the key raises significant concerns about the confidentiality of encrypted information, making it imperative for users to upgrade to a patched version to mitigate risks associated with unauthorized data access.",Fortinet,Fortinet Forticlient For Windows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-04T12:27:29.000Z,0
CVE-2020-9291,https://securityvulnerability.io/vulnerability/CVE-2020-9291,Insecure Temporary File Vulnerability in FortiClient for Windows,"An Insecure Temporary File vulnerability exists in FortiClient for Windows versions up to 6.2.1, which could allow a local user to exploit the system. By exhausting the pool of temporary file names through a symbolic link attack, the user may achieve elevated privileges, potentially compromising system integrity and security. Users of the affected versions are advised to apply patches and take preventative measures to secure their systems.",Fortinet,Fortinet Forticlient For Windows,6.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-01T18:39:42.000Z,0
CVE-2020-9290,https://securityvulnerability.io/vulnerability/CVE-2020-9290,Unsafe Search Path vulnerability in FortiClient for Windows by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient for Windows online installer, where a local attacker can leverage control over the installer directory to execute arbitrary code. By placing malicious Filter Library DLL files in the directory where the FortiClient installers reside (FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe), an attacker can compromise the system, leading to potential data breaches and system instability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-15T21:52:05.000Z,0
CVE-2018-9195,https://securityvulnerability.io/vulnerability/CVE-2018-9195,Man-in-the-Middle Vulnerability in FortiGuard Services for Fortinet Products,"The vulnerability presents a risk due to the use of a hardcoded cryptographic key within the FortiGuard services communication protocol. This oversight allows attackers with knowledge of the key to launch a Man-in-the-Middle attack, enabling them to intercept, eavesdrop on, and potentially alter data transmitted between Fortinet products and FortiGuard servers. This includes modifications to URL/SPAM services in FortiOS versions 5.6 and 6.0, as well as URL rating functionalities in FortiClient. Immediate action is recommended to mitigate risks associated with unauthorized access to sensitive information.",Fortinet,"Forticlient For Windows,FortiOS,Forticlient For Mac Os",5.9,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2019-11-21T14:59:52.000Z,0
CVE-2019-6692,https://securityvulnerability.io/vulnerability/CVE-2019-6692,Malicious DLL Preload Vulnerability in Fortinet FortiClient for Windows,"A malicious DLL preload vulnerability exists in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code by forging a malicious DLL. This flaw impacts FortiClient versions 6.2.0 and earlier, posing significant security risks to systems running vulnerable versions.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2019-10-24T13:46:16.000Z,0
CVE-2018-9193,https://securityvulnerability.io/vulnerability/CVE-2018-9193,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability exists in Fortinet FortiClient for Windows versions 6.0.4 and earlier. This flaw allows an attacker to execute unauthorized code or commands by exploiting the improper parsing of specific files. Attackers with local access could leverage this vulnerability to gain elevated privileges, potentially compromising sensitive information or system integrity. It is essential for users to update their FortiClient applications to mitigate such risks.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-05-30T16:27:54.000Z,0
CVE-2018-13368,https://securityvulnerability.io/vulnerability/CVE-2018-13368,Local Privilege Escalation Vulnerability in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet FortiClient for Windows versions 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection techniques. This could lead to unauthorized access and manipulation of system resources, posing a significant security risk to affected installations. Proper patching and security measures are recommended to mitigate the risk associated with this vulnerability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:34.000Z,0
CVE-2018-9191,https://securityvulnerability.io/vulnerability/CVE-2018-9191,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet's FortiClient for Windows versions 6.0.4 and earlier can be leveraged by attackers to execute unauthorized commands or code. This occurs through a named pipe associated with the FortiClient update process, allowing exploitation if an attacker gains access to the affected system.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:18.000Z,0
CVE-2019-5589,https://securityvulnerability.io/vulnerability/CVE-2019-5589,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient Online Installer for Windows versions prior to 6.0.6. This flaw could be exploited by an unauthenticated remote attacker who has control over the directory containing FortiClientOnlineInstaller.exe, enabling them to execute arbitrary code on the affected system. The attacker can achieve this by uploading malicious .dll files into the installer's directory, leading to potential system compromise.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.002300000051036477,false,,false,false,false,,,false,false,,2019-05-28T21:42:19.000Z,0
CVE-2017-17543,https://securityvulnerability.io/vulnerability/CVE-2017-17543,,"Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2018-04-26T20:29:00.000Z,0
CVE-2017-14184,https://securityvulnerability.io/vulnerability/CVE-2017-14184,,"An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.",Fortinet,"Forticlient For Windows,Forticlient For Mac Osx,Forticlient Sslvpn Client For Linux",8.8,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2017-12-15T21:29:00.000Z,0