cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50564,https://securityvulnerability.io/vulnerability/CVE-2024-50564,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiClient for Windows,"A vulnerability in Fortinet's FortiClient for Windows exists due to a hard-coded cryptographic key. This flaw permits low-privileged users to potentially decrypt interprocess communication by monitoring named pipes. The affected versions include 7.4.0, 7.2.x, 7.0.x, and 6.4.x. Organizations using these versions should assess their exposure to this issue, as it may lead to unauthorized data access and compromise the security of sensitive information.",Fortinet,Forticlientwindows,3.2,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2022-45856,https://securityvulnerability.io/vulnerability/CVE-2022-45856,Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature,"An improper certificate validation vulnerability exists in FortiClient products, potentially enabling an unauthenticated attacker to intercept and manipulate communications between FortiClient and both service providers and identity providers. This vulnerability impacts various platforms including Windows, Mac, Linux, Android, and iOS across multiple versions. Proper validation of certificates is critical to prevent man-in-the-middle attacks, which could lead to unauthorized information exposure and loss of data integrity.",Fortinet,"ForticlientiOS,Forticlientandroid,Forticlientmac,Forticlientlinux,Forticlientwindows",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-09-10T14:37:48.663Z,0
CVE-2024-31489,https://securityvulnerability.io/vulnerability/CVE-2024-31489,FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks,"An improper certificate validation vulnerability in Fortinet's FortiClient software allows remote, unauthenticated attackers to exploit the communication channel between FortiGate and FortiClient during ZTNA tunnel creation. This flaw can potentially enable a Man-in-the-Middle attack, where attackers could intercept and manipulate data in transit, compromising the integrity and confidentiality of sensitive information exchanged during secure connections.",Fortinet,"Forticlientmac,Forticlientems,Forticlientlinux,Forticlientwindows",8.1,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-09-10T14:37:48.066Z,0
CVE-2023-41840,https://securityvulnerability.io/vulnerability/CVE-2023-41840,Untrusted Search Path Vulnerability in Fortinet FortiClient Software,"A vulnerability exists in Fortinet FortiClient software, specifically in version 7.0.9, that allows an attacker to execute a DLL Hijack attack. This security flaw arises from an untrusted search path, which can be exploited through a malicious OpenSSL engine library. By leveraging this vulnerability, attackers can potentially execute harmful code on affected systems, compromising the integrity and confidentiality of sensitive data. It is crucial for users to stay informed about this issue and apply the necessary security updates to mitigate risks.",Fortinet,Forticlientwindows,7.4,HIGH,0.000539999979082495,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-33304,https://securityvulnerability.io/vulnerability/CVE-2023-33304,,A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.,Fortinet,Forticlientwindows,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2022-40681,https://securityvulnerability.io/vulnerability/CVE-2022-40681,Authorization Flaw in Fortinet FortiClient for Windows,"An authorization flaw in Fortinet FortiClient for Windows allows attackers to exploit a vulnerability by sending specially crafted requests to a targeted named pipe. This can result in a denial of service, potentially disrupting the functionality of the affected product versions. Users are encouraged to apply the latest updates to mitigate this vulnerability.",Fortinet,Forticlientwindows,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T18:08:24.769Z,0
CVE-2023-37939,https://securityvulnerability.io/vulnerability/CVE-2023-37939,,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.",Fortinet,"Forticlientmac,Forticlientwindows,Forticlientlinux",3,LOW,0.0004199999966658652,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2022-33877,https://securityvulnerability.io/vulnerability/CVE-2022-33877,,"An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.",Fortinet,"Forticonverter,Forticlientwindows",6.8,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-06-13T08:41:40.721Z,0
CVE-2022-43946,https://securityvulnerability.io/vulnerability/CVE-2022-43946,Fortinet FortiClient Windows Vulnerability with Permission Issues and Race Condition,"Fortinet FortiClient Windows versions prior to 7.0.7 contain multiple vulnerabilities that can lead to significant security risks. An improper permission assignment allows attackers on the same file-sharing network to gain unauthorized access to critical resources. Additionally, a time-of-check to time-of-use (TOCTOU) race condition vulnerability enables attackers to manipulate command execution by writing data into a Windows pipe, potentially leading to further exploitation. Mitigating these vulnerabilities is essential for ensuring comprehensive network security.",Fortinet,Forticlientwindows,7.3,HIGH,0.0015999999595806003,false,false,false,false,,false,false,2023-04-11T16:06:46.259Z,0
CVE-2022-42470,https://securityvulnerability.io/vulnerability/CVE-2022-42470,Relative Path Traversal Vulnerability in Fortinet FortiClient,"A vulnerability in Fortinet FortiClient for Windows allows attackers to exploit a relative path traversal flaw. This issue arises in certain versions, enabling an attacker to send a specially crafted request through a named pipe, which could result in unauthorized code execution or commands. Users of FortiClient versions 7.0.0 to 7.0.7, 6.4.0 to 6.4.9, 6.2.0 to 6.2.9, and 6.0.0 to 6.0.10 are advised to update their software to mitigate potential security risks. For further details, visit the official Fortinet guidance [here](https://fortiguard.com/psirt/FG-IR-22-320).",Fortinet,Forticlientwindows,7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:06:02.222Z,0
CVE-2022-40682,https://securityvulnerability.io/vulnerability/CVE-2022-40682,Authorization Flaw in Fortinet FortiClient for Windows,"An incorrect authorization vulnerability in Fortinet's FortiClient for Windows versions 6.0.0 to 7.0.7 allows attackers to execute unauthorized commands. By sending specially crafted requests to a specific named pipe, an attacker can gain control over the system and execute arbitrary code. This security flaw highlights the importance of adhering to secure coding practices and the necessity of regular updates to maintain system integrity.",Fortinet,Forticlientwindows,7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:05:59.314Z,0
CVE-2021-41031,https://securityvulnerability.io/vulnerability/CVE-2021-41031,,"A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.",Fortinet,Fortinet Forticlientwindows,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-07-18T16:40:12.000Z,0
CVE-2022-26113,https://securityvulnerability.io/vulnerability/CVE-2022-26113,,"An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.",Fortinet,Fortinet Forticlientwindows,7.7,HIGH,0.0008500000112690032,false,false,false,false,,false,false,2022-07-18T16:36:04.000Z,0
CVE-2021-43066,https://securityvulnerability.io/vulnerability/CVE-2021-43066,,"An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer.",Fortinet,Fortinet Forticlientwindows,8.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-05-11T15:40:10.000Z,0
CVE-2021-44169,https://securityvulnerability.io/vulnerability/CVE-2021-44169,,"An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.",Fortinet,Fortinet Forticlientwindows,8.2,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-04-06T09:30:20.000Z,0
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,,"A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.",Fortinet,"Fortinet Forticlientems, Forticlientwindows, Forticlientlinux, Forticlientmac",8.2,HIGH,0.000699999975040555,false,false,false,false,,false,false,2021-12-16T18:13:38.000Z,0
CVE-2021-36167,https://securityvulnerability.io/vulnerability/CVE-2021-36167,,An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter.,Fortinet,Fortinet Forticlientwindows,4.3,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2021-12-09T09:33:17.000Z,0
CVE-2021-43204,https://securityvulnerability.io/vulnerability/CVE-2021-43204,,"An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions.",Fortinet,Fortinet Forticlientwindows,4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-12-09T09:04:29.000Z,0
CVE-2021-32592,https://securityvulnerability.io/vulnerability/CVE-2021-32592,,"An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.",Fortinet,"Fortinet Forticlientwindows, Forticlientems",7.8,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2021-12-01T11:27:11.000Z,0
CVE-2021-36183,https://securityvulnerability.io/vulnerability/CVE-2021-36183,,An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.,Fortinet,Fortinet Forticlientwindows,7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-11-02T18:41:28.000Z,0
CVE-2019-17658,https://securityvulnerability.io/vulnerability/CVE-2019-17658,,An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.,Fortinet,Fortinet Forticlientwindows,9.8,CRITICAL,0.002219999907538295,false,false,false,true,true,false,false,2020-03-12T21:26:00.000Z,0
CVE-2018-9190,https://securityvulnerability.io/vulnerability/CVE-2018-9190,,A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows an attacker to cause a denial of service via the NDIS miniport driver.,Fortinet,Fortinet Forticlientwindows,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-02-08T19:29:00.000Z,0
CVE-2017-7344,https://securityvulnerability.io/vulnerability/CVE-2017-7344,,"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privileges via exploiting the Windows ""security alert"" dialog that pops up when the ""VPN before logon"" feature is enabled and an untrusted certificate chain is encountered.",Fortinet,Forticlientwindows,8.1,HIGH,0.008469999767839909,false,false,false,false,,false,false,2017-12-14T18:29:00.000Z,0
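The export above is plain CSV whose description fields may contain embedded newlines inside their quotes, which trips up line-oriented tooling such as grep or cut. The following is an added example, not part of the original feed or of securityvulnerability.io's own tooling: it parses the feed with Python's csv module (which handles quoted multi-line fields correctly), normalises the boolean columns (the `poc` column is sometimes empty rather than `false`), splits the comma-separated `products` column, and ranks the entries for patch triage. The sample rows are constructed from three records in the feed with shortened descriptions; the priority weights (CVSS base plus a small EPSS term plus bonuses for `cisa`, `exploited` and `poc`) are an assumption chosen for illustration, not a scoring scheme the feed defines.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample: the feed's header plus three records copied from it with
# shortened descriptions. The second record keeps a newline inside its quoted
# description field, exactly as the real export does.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50564,https://securityvulnerability.io/vulnerability/CVE-2024-50564,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiClient for Windows,"A hard-coded cryptographic key may let low-privileged users decrypt interprocess communication by monitoring named pipes.",Fortinet,Forticlientwindows,3.2,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2022-45856,https://securityvulnerability.io/vulnerability/CVE-2022-45856,Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature,"An improper certificate validation vulnerability exists in FortiClient products.
Proper validation of certificates is critical to prevent man-in-the-middle attacks.",Fortinet,"ForticlientiOS,Forticlientandroid,Forticlientmac,Forticlientlinux,Forticlientwindows",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-09-10T14:37:48.663Z,0
CVE-2019-17658,https://securityvulnerability.io/vulnerability/CVE-2019-17658,,An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.,Fortinet,Fortinet Forticlientwindows,9.8,CRITICAL,0.002219999907538295,false,false,false,true,true,false,false,2020-03-12T21:26:00.000Z,0
'''


@dataclass
class Finding:
    cve: str
    description: str
    score: float          # CVSS base score from the "score" column
    epss: float           # EPSS probability from the "epss" column
    cisa_kev: bool        # "cisa" column: listed in CISA KEV
    exploited: bool       # "exploited" column
    poc: bool             # "poc" column; empty cell is treated as false
    products: list[str]   # "products" column split on commas


def parse_bool(value: str) -> bool:
    """Feed booleans are the strings 'true'/'false', or empty when unknown."""
    return value.strip().lower() == "true"


def load_feed(text: str) -> list[Finding]:
    """Parse the CSV export, coping with multi-line quoted description fields."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        findings.append(Finding(
            cve=row["cve"],
            description=row["description"],
            score=float(row["score"] or 0),
            epss=float(row["epss"] or 0),
            cisa_kev=parse_bool(row["cisa"]),
            exploited=parse_bool(row["exploited"]),
            poc=parse_bool(row["poc"]),
            products=[p.strip() for p in row["products"].split(",") if p.strip()],
        ))
    return findings


def priority(f: Finding) -> float:
    """Illustrative triage weight (an assumption, not the feed's own scoring):
    CVSS base sets the floor, EPSS adds up to 10 points, and evidence of
    real-world exploitation or a public PoC adds fixed bonuses."""
    p = f.score + 10 * f.epss
    if f.cisa_kev:
        p += 5
    if f.exploited:
        p += 3
    if f.poc:
        p += 2
    return p


def triage(text: str, min_priority: float = 7.0) -> list[tuple[str, float]]:
    """Return (cve, priority) pairs at or above the threshold, highest first."""
    ranked = sorted(load_feed(text), key=priority, reverse=True)
    return [(f.cve, round(priority(f), 3)) for f in ranked if priority(f) >= min_priority]


if __name__ == "__main__":
    for cve, score in triage(SAMPLE_CSV):
        print(f"{cve}\t{score}")
```

Run against the full export rather than the sample, the same `triage` function surfaces CVE-2019-17658 (exploited and with a public PoC per the feed's own flags) ahead of higher-churn but unexploited entries; the threshold and weights are the part a practitioner would tune to their own environment.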