cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-15934,https://securityvulnerability.io/vulnerability/CVE-2020-15934,Local Privilege Escalation Vulnerability in FortiClient for Linux,"CVE-2020-15934 is a vulnerability affecting FortiClient for Linux that allows local users to execute commands with elevated privileges due to the VCM engine handling certain operations improperly. Specifically, this vulnerability enables the creation of malicious scripts or programs by an unprivileged user that, when executed, can escalate their privileges to root on the target machine. Affected versions include FortiClient for Linux versions 6.2.7 and earlier, as well as version 6.4.0. It is crucial for users of these versions to apply security updates and follow best practices to mitigate this risk.",Fortinet,Forticlientlinux,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T10:57:39.255Z,0
CVE-2022-45856,https://securityvulnerability.io/vulnerability/CVE-2022-45856,Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature,"An improper certificate validation vulnerability exists in FortiClient products, potentially enabling an unauthenticated attacker to intercept and manipulate communications between FortiClient and both service providers and identity providers. This vulnerability impacts various platforms including Windows, Mac, Linux, Android, and iOS across multiple versions. Proper validation of certificates is critical to prevent man-in-the-middle attacks, which could lead to unauthorized information exposure and loss of data integrity.",Fortinet,"ForticlientiOS,Forticlientandroid,Forticlientmac,Forticlientlinux,Forticlientwindows",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-10T14:37:48.663Z,0
CVE-2024-31489,https://securityvulnerability.io/vulnerability/CVE-2024-31489,FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks,"An improper certificate validation vulnerability in Fortinet's FortiClient software allows remote, unauthenticated attackers to exploit the communication channel between FortiGate and FortiClient during ZTNA tunnel creation. This flaw can potentially enable a Man-in-the-Middle attack, where attackers could intercept and manipulate data in transit, compromising the integrity and confidentiality of sensitive information exchanged during secure connections.",Fortinet,"Forticlientmac,Forticlientems,Forticlientlinux,Forticlientwindows",8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-10T14:37:48.066Z,0
CVE-2023-45590,https://securityvulnerability.io/vulnerability/CVE-2023-45590,FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution,"A vulnerability reported in Fortinet's FortiClientLinux allows for code injection due to improper handling of code generation. This security flaw affects specific versions of the software, including 7.2.0 and versions from 7.0.3 to 7.0.10. Attackers can exploit this vulnerability by tricking users into accessing a malicious website, potentially allowing unauthorized code execution on their systems, which could lead to further compromises.",Fortinet,Forticlientlinux,8.8,HIGH,0.00107999995816499,false,,true,false,false,,,false,false,,2024-04-09T14:24:19.922Z,0
CVE-2023-37939,https://securityvulnerability.io/vulnerability/CVE-2023-37939,"Information Disclosure in FortiClient for Windows, Linux, and Mac by Fortinet","A vulnerability in FortiClient could allow a local authenticated attacker without administrative privileges to potentially access sensitive information. This includes the ability to view a list of files or folders that have been excluded from malware scanning, thereby exposing sensitive data inadvertently. The issue affects multiple versions of FortiClient across different operating systems including Windows, Linux, and Mac.",Fortinet,"Forticlientmac,Forticlientwindows,Forticlientlinux",3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2021-44167,https://securityvulnerability.io/vulnerability/CVE-2021-44167,Improper Permission Assignment in FortiClient for Linux,"A vulnerability exists in FortiClient for Linux versions 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, and 7.0.2 and below due to incorrect permission assignments on critical resources. This flaw allows unauthenticated attackers to exploit symbolic links, potentially gaining unauthorized access to sensitive information contained in log files and directories, posing a significant security risk.",Fortinet,Fortinet Forticlientlinux,6.8,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2022-05-11T14:25:10.000Z,0
CVE-2021-22127,https://securityvulnerability.io/vulnerability/CVE-2021-22127,Improper Input Validation in FortiClient for Linux Products,"An input validation issue in FortiClient for Linux allows unauthenticated attackers to potentially execute arbitrary code on the host operating system with root privileges. This vulnerability arises when a user connects to a network that has been maliciously named, thereby enabling threat actors to exploit this flaw. The affected versions include 6.4.x before 6.4.3 and 6.2.x before 6.2.9, emphasizing the need for prompt updates to ensure system security.",Fortinet,Fortinet Forticlientlinux,7.1,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2022-04-06T16:00:33.000Z,0
CVE-2021-43205,https://securityvulnerability.io/vulnerability/CVE-2021-43205,Information Exposure Vulnerability in FortiClient for Linux by Fortinet,"FortiClient for Linux has a vulnerability that can expose sensitive information to unauthorized users. Specifically, versions 7.0.2 and earlier, as well as 6.4.7 and 6.2.9 are affected. An unauthenticated attacker can potentially access the confighandler webserver via external binaries, posing a risk of sensitive data being compromised. Organizations using these versions should consider updating to mitigate this risk.",Fortinet,Fortinet Forticlientlinux,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-04-06T09:15:36.000Z,0
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,Man-in-the-middle Attack Vulnerability in Fortinet FortiClient Products,"The vulnerability arises from the use of hard-coded cryptographic keys in versions of FortiClientEMS and improper certificate validation in FortiClient for Windows, Linux, and Mac. This flawed implementation enables an unauthenticated and network-adjacent attacker to potentially execute a man-in-the-middle attack through the telemetry protocol, compromising secure communication between the EMS and FortiClient.",Fortinet,"Fortinet Forticlientems, Forticlientwindows, Forticlientlinux, Forticlientmac",8.2,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-12-16T18:13:38.000Z,0
CVE-2019-16155,https://securityvulnerability.io/vulnerability/CVE-2019-16155,Privilege Escalation Vulnerability in FortiClient for Linux by Fortinet,"FortiClient for Linux versions 6.2.1 and earlier exhibit a vulnerability that allows users with low privileges to execute arbitrary file overwrites as root. This occurs via specially crafted 'BackupConfig' IPC client requests directed at the fctsched process, enabling unauthorized modifications to system files. Moreover, versions 6.2.2 and earlier permit low privilege users to write to system backup files through the GUI, resulting in potential root access and system instability. These weaknesses highlight significant risks in maintaining system integrity and protecting sensitive data.",Fortinet,Fortinet Forticlientlinux,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-02-07T14:47:28.000Z,0
CVE-2019-16152,https://securityvulnerability.io/vulnerability/CVE-2019-16152,Denial of Service Vulnerability in FortiClient for Linux,"A Denial of Service vulnerability exists in FortiClient for Linux versions 6.2.1 and earlier. This issue allows an attacker with low privileges to destabilize FortiClient's processes that run with root privileges. The vulnerability occurs due to improper validation of inter-process communication (IPC) client requests sent to the fctsched process, leading to potential system crashes. It is crucial for users to apply updates or patches from Fortinet to remediate this security concern and protect their systems.",Fortinet,Fortinet Forticlientlinux,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-02-06T15:27:36.000Z,0
CVE-2019-17652,https://securityvulnerability.io/vulnerability/CVE-2019-17652,Stack Buffer Overflow in FortiClient for Linux by Fortinet,"A stack buffer overflow vulnerability exists in FortiClient for Linux versions 6.2.1 and earlier, allowing a low-privilege user to send specially crafted IPC requests to the fctsched process. This improper sanitization of the argv data can lead to crashes in FortiClient processes running with root privileges, potentially disrupting the security features of the software.",Fortinet,Fortinet Forticlientlinux,6.5,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-02-06T15:23:33.000Z,0
CVE-2019-15711,https://securityvulnerability.io/vulnerability/CVE-2019-15711,Privilege Escalation Vulnerability in FortiClient for Linux,"A privilege escalation issue exists in FortiClient for Linux that could enable low-privileged users to execute system commands with root privileges. This vulnerability arises from the improper handling of specially crafted 'ExportLogs' IPC client requests by the fctsched process, potentially allowing unauthorized actions that compromise system security.",Fortinet,Fortinet Forticlientlinux,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2020-02-06T15:10:07.000Z,0