cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-45856,https://securityvulnerability.io/vulnerability/CVE-2022-45856,Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature,"An improper certificate validation vulnerability exists in FortiClient products, potentially enabling an unauthenticated attacker to intercept and manipulate communications between FortiClient and both service providers and identity providers. This vulnerability impacts various platforms including Windows, Mac, Linux, Android, and iOS across multiple versions. Proper validation of certificates is critical to prevent man-in-the-middle attacks, which could lead to unauthorized information exposure and loss of data integrity.",Fortinet,"ForticlientiOS,Forticlientandroid,Forticlientmac,Forticlientlinux,Forticlientwindows",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-09-10T14:37:48.663Z,0
CVE-2024-31489,https://securityvulnerability.io/vulnerability/CVE-2024-31489,FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks,"An improper certificate validation vulnerability in Fortinet's FortiClient software allows remote, unauthenticated attackers to exploit the communication channel between FortiGate and FortiClient during ZTNA tunnel creation. This flaw can potentially enable a Man-in-the-Middle attack, where attackers could intercept and manipulate data in transit, compromising the integrity and confidentiality of sensitive information exchanged during secure connections.",Fortinet,"Forticlientmac,Forticlientems,Forticlientlinux,Forticlientwindows",8.1,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-09-10T14:37:48.066Z,0
CVE-2024-31492,https://securityvulnerability.io/vulnerability/CVE-2024-31492,Arbitrary Code Execution Vulnerability in FortiClientMac Installer,"An external control of file name or path vulnerability exists in FortiClient for Mac that can be exploited by local attackers. The vulnerability arises during the installation process, where a malicious configuration file can be introduced in the /tmp directory before the installation begins. This flaw may enable an attacker to execute arbitrary code or commands, posing a significant security risk to users with affected versions. Proper configuration and vigilance are essential to mitigate these risks and protect system integrity.",Fortinet,Forticlientmac,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-10T13:24:56.859Z,0
CVE-2023-37939,https://securityvulnerability.io/vulnerability/CVE-2023-37939,,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.",Fortinet,"Forticlientmac,Forticlientwindows,Forticlientlinux",3,LOW,0.0004199999966658652,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-22635,https://securityvulnerability.io/vulnerability/CVE-2023-22635,,"A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.",Fortinet,Forticlientmac,6.9,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-04-11T17:15:00.000Z,0
CVE-2022-33878,https://securityvulnerability.io/vulnerability/CVE-2022-33878,,An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.,Fortinet,Fortinet Forticlientmac,2.2,LOW,0.0004199999966658652,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,,"A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.",Fortinet,"Fortinet Forticlientems, Forticlientwindows, Forticlientlinux, Forticlientmac",8.2,HIGH,0.000699999975040555,false,false,false,false,,false,false,2021-12-16T18:13:38.000Z,0
CVE-2021-42754,https://securityvulnerability.io/vulnerability/CVE-2021-42754,,An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.,Fortinet,Fortinet Forticlientmac,3.2,LOW,0.0004400000034365803,false,false,false,false,,false,false,2021-11-02T18:56:19.000Z,0
CVE-2021-26089,https://securityvulnerability.io/vulnerability/CVE-2021-26089,,An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during installation phase.,Fortinet,Fortinet Forticlientmac,6.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-07-12T12:48:01.000Z,0
CVE-2019-5585,https://securityvulnerability.io/vulnerability/CVE-2019-5585,,An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.,Fortinet,Forticlientmac,6.1,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-04-09T20:57:14.000Z,0