cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40586,https://securityvulnerability.io/vulnerability/CVE-2024-40586,Improper Access Control in FortiClient Windows by Fortinet,"An improper access control vulnerability in FortiClient Windows versions 7.4.0, 7.2.6 and earlier, and 7.0.13 and earlier may allow a local user to escalate privileges via the FortiSSLVPNd service named pipe.",Fortinet,Forticlientwindows,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:06.665Z,0
CVE-2024-50564,https://securityvulnerability.io/vulnerability/CVE-2024-50564,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiClient for Windows,"A hard-coded cryptographic key in Fortinet FortiClient for Windows versions 7.4.0, 7.2.x, 7.0.x and 6.4.x may allow a low-privileged user to decrypt interprocess communication by monitoring named pipes, exposing data exchanged between FortiClient components.",Fortinet,Forticlientwindows,3.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2022-45856,https://securityvulnerability.io/vulnerability/CVE-2022-45856,Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature,"An improper certificate validation vulnerability in FortiClient for Windows, Mac, Linux, Android and iOS may allow an unauthenticated attacker to intercept and manipulate communications between FortiClient and both the service provider and the identity provider used by the SAML SSO feature, enabling a man-in-the-middle attack that exposes information and compromises data integrity. Multiple versions on each platform are affected.",Fortinet,"ForticlientiOS,Forticlientandroid,Forticlientmac,Forticlientlinux,Forticlientwindows",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-10T14:37:48.663Z,0
CVE-2024-31489,https://securityvulnerability.io/vulnerability/CVE-2024-31489,Improper Certificate Validation in FortiClient ZTNA Tunnel Setup Allows Remote Man-in-the-Middle Attacks,"An improper certificate validation vulnerability in Fortinet FortiClient may allow a remote, unauthenticated attacker to perform a man-in-the-middle attack on the communication channel between FortiGate and FortiClient during ZTNA tunnel creation, intercepting and manipulating data in transit.",Fortinet,"Forticlientmac,Forticlientems,Forticlientlinux,Forticlientwindows",8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-10T14:37:48.066Z,0
CVE-2023-33304,https://securityvulnerability.io/vulnerability/CVE-2023-33304,Hard-Coded Credentials Vulnerability in Fortinet FortiClient,"Hard-coded credentials in Fortinet FortiClient for Windows versions 7.0.0 to 7.0.9 and 7.2.0 to 7.2.1 may allow an attacker to bypass system protections and access sensitive information. Users should update to a fixed version; see Fortinet's PSIRT advisory for details.",Fortinet,Forticlientwindows,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-41840,https://securityvulnerability.io/vulnerability/CVE-2023-41840,Untrusted Search Path Vulnerability in Fortinet FortiClient Software,"An untrusted search path vulnerability in Fortinet FortiClient for Windows version 7.0.9 may allow an attacker to perform a DLL hijack by placing a malicious OpenSSL engine library in the search path, leading to execution of arbitrary code on the affected system.",Fortinet,Forticlientwindows,7.4,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2022-40681,https://securityvulnerability.io/vulnerability/CVE-2022-40681,Authorization Flaw in Fortinet FortiClient for Windows,"An incorrect authorization vulnerability in Fortinet FortiClient for Windows may allow an attacker to cause a denial of service by sending specially crafted requests to a targeted named pipe. Affected versions should be updated.",Fortinet,Forticlientwindows,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-14T18:08:24.769Z,0
CVE-2023-37939,https://securityvulnerability.io/vulnerability/CVE-2023-37939,"Information Disclosure in FortiClient for Windows, Linux, and Mac by Fortinet","An information disclosure vulnerability in FortiClient for Windows, Linux and Mac may allow a local authenticated attacker without administrative privileges to view the list of files and folders excluded from malware scanning. Multiple versions on each platform are affected.",Fortinet,"Forticlientmac,Forticlientwindows,Forticlientlinux",3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2022-33877,https://securityvulnerability.io/vulnerability/CVE-2022-33877,Incorrect Default Permission Vulnerability in FortiClient and FortiConverter by Fortinet,"An incorrect default permissions vulnerability in FortiClient and FortiConverter for Windows may allow an authenticated local attacker to tamper with files in the installation folder when the products are installed in an insecure directory.",Fortinet,"Forticonverter,Forticlientwindows",6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-06-13T08:41:40.721Z,0
CVE-2022-43946,https://securityvulnerability.io/vulnerability/CVE-2022-43946,Fortinet FortiClient Windows Vulnerability with Permission Issues and Race Condition,"Multiple improper permission assignment and time-of-check to time-of-use (TOCTOU) race condition vulnerabilities in Fortinet FortiClient Windows versions prior to 7.0.7 may allow an attacker on the same file-sharing network to execute commands by writing data into a Windows named pipe.",Fortinet,Forticlientwindows,7.3,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-04-11T16:06:46.259Z,0
CVE-2022-42470,https://securityvulnerability.io/vulnerability/CVE-2022-42470,Relative Path Traversal Vulnerability in Fortinet FortiClient,"A relative path traversal vulnerability in Fortinet FortiClient for Windows versions 7.0.0 to 7.0.7, 6.4.0 to 6.4.9, 6.2.0 to 6.2.9 and 6.0.0 to 6.0.10 may allow an attacker to execute unauthorized code or commands by sending a specially crafted request to a named pipe. See Fortinet's advisory at https://fortiguard.com/psirt/FG-IR-22-320.",Fortinet,Forticlientwindows,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:06:02.222Z,0
CVE-2022-40682,https://securityvulnerability.io/vulnerability/CVE-2022-40682,Authorization Flaw in Fortinet FortiClient for Windows,"An incorrect authorization vulnerability in Fortinet FortiClient for Windows versions 6.0.0 to 7.0.7 may allow an attacker to execute unauthorized code or commands by sending specially crafted requests to a specific named pipe.",Fortinet,Forticlientwindows,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:05:59.314Z,0
CVE-2021-41031,https://securityvulnerability.io/vulnerability/CVE-2021-41031,Relative Path Traversal Vulnerability in FortiClient for Windows,"A relative path traversal vulnerability in FortiClient for Windows may allow an unprivileged local attacker to escalate privileges to SYSTEM via the FortiESNAC service named pipe.",Fortinet,Forticlientwindows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:40:12.000Z,0
CVE-2022-26113,https://securityvulnerability.io/vulnerability/CVE-2022-26113,Privilege Escalation Vulnerability in FortiClient by Fortinet,"A privilege escalation vulnerability in FortiClient for Windows versions 6.0.0 to 7.0.3 may allow a local attacker to gain elevated privileges and perform arbitrary file writes on the system.",Fortinet,Forticlientwindows,7.7,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-07-18T16:36:04.000Z,0
CVE-2021-43066,https://securityvulnerability.io/vulnerability/CVE-2021-43066,File Path Control Vulnerability in Fortinet FortiClient Software,"An external control of file name or path vulnerability in Fortinet FortiClient for Windows may allow an attacker to escalate privileges via the MSI installer. Multiple versions are affected.",Fortinet,Forticlientwindows,8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-11T15:40:10.000Z,0
CVE-2021-44169,https://securityvulnerability.io/vulnerability/CVE-2021-44169,Improper Initialization Vulnerability in Fortinet FortiClient for Windows,"An improper initialization vulnerability in Fortinet FortiClient for Windows may allow an attacker to gain administrative privileges by placing a malicious executable in the directory of the FortiClient installer. Affected users should follow Fortinet's guidance to remediate.",Fortinet,Forticlientwindows,8.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-06T09:30:20.000Z,0
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,Man-in-the-middle Attack Vulnerability in Fortinet FortiClient Products,"Use of hard-coded cryptographic keys in FortiClientEMS and improper certificate validation in FortiClient for Windows, Linux and Mac may allow an unauthenticated, network-adjacent attacker to perform a man-in-the-middle attack on the telemetry protocol between EMS and FortiClient.",Fortinet,"Forticlientems,Forticlientwindows,Forticlientlinux,Forticlientmac",8.2,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-12-16T18:13:38.000Z,0
CVE-2021-36167,https://securityvulnerability.io/vulnerability/CVE-2021-36167,Improper Authorization Vulnerability in FortiClient by Fortinet,"An improper authorization vulnerability in FortiClient for Windows versions 7.0.0, 6.4.6 and earlier, and 6.2.8 and earlier may allow an unauthenticated attacker to bypass webfilter controls by modifying the session-id parameter.",Fortinet,Forticlientwindows,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-12-09T09:33:17.000Z,0
CVE-2021-43204,https://securityvulnerability.io/vulnerability/CVE-2021-43204,Denial of Service Vulnerability in Fortinet FortiClient Windows,"An improper control of a resource through its lifetime vulnerability in Fortinet FortiClient for Windows may allow an attacker to manipulate directory access permissions, leading to a complete denial of service of the application's components. Multiple versions are affected.",Fortinet,Forticlientwindows,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-09T09:04:29.000Z,0
CVE-2021-32592,https://securityvulnerability.io/vulnerability/CVE-2021-32592,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"An unsafe search path vulnerability in multiple versions of FortiClient for Windows and FortiClientEMS may allow an attacker to perform a DLL hijack by placing a malicious OpenSSL engine library in the search path, compromising the confidentiality and integrity of the affected system.",Fortinet,"Forticlientwindows,Forticlientems",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-12-01T11:27:11.000Z,0
CVE-2021-36183,https://securityvulnerability.io/vulnerability/CVE-2021-36183,Improper Authorization Vulnerability in FortiClient for Windows by Fortinet,"An improper authorization vulnerability in FortiClient for Windows may allow a local, unprivileged attacker to escalate privileges to SYSTEM via insufficient access controls on the named pipe used for FortiClient updates.",Fortinet,Forticlientwindows,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-02T18:41:28.000Z,0
CVE-2019-17658,https://securityvulnerability.io/vulnerability/CVE-2019-17658,Unquoted Service Path Vulnerability in FortiClient Windows by Fortinet,"An unquoted service path vulnerability in the FortiTray component of FortiClient for Windows versions 6.2.2 and earlier may allow an attacker to gain elevated privileges via the executable path of the FortiClientConsole service.",Fortinet,Forticlientwindows,9.8,CRITICAL,0.002219999907538295,false,,false,false,true,2020-03-11T11:58:24.000Z,true,false,false,,2020-03-12T21:26:00.000Z,0
CVE-2018-9190,https://securityvulnerability.io/vulnerability/CVE-2018-9190,,"A null pointer dereference vulnerability in Fortinet FortiClient for Windows versions 6.0.2 and earlier may allow an attacker to cause a denial of service via the NDIS miniport driver.",Fortinet,Forticlientwindows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-02-08T19:29:00.000Z,0
CVE-2017-7344,https://securityvulnerability.io/vulnerability/CVE-2017-7344,,"A privilege escalation vulnerability in Fortinet FortiClient for Windows versions 5.4.3 and earlier and 5.6.0 may allow an attacker to gain privileges via the Windows ""security alert"" dialog that appears when the ""VPN before logon"" feature is enabled and an untrusted certificate chain is presented.",Fortinet,Forticlientwindows,8.1,HIGH,0.008469999767839909,false,,false,false,false,,,false,false,,2017-12-14T18:29:00.000Z,0
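Added example, not part of this feed and not tooling from Fortinet or securityvulnerability.io: the Python below reads an export in this format with the standard csv module, which is what correctly handles the quoted newlines and doubled quotes inside description fields (splitting on line breaks, as happened to this page, corrupts those rows), and then ranks records for patch triage using the feed's own exploitation evidence (cisa, exploited, poc) ahead of CVSS score and EPSS. The sample rows are constructed from three records in this feed with shortened descriptions; the ranking order is this example's assumption, not the site's.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample: three rows modelled on records in the feed above, with
# descriptions shortened. The third row keeps a newline inside a quoted field and
# CSV-doubled quotes ("") on purpose, so the parser has to cope with both.
SAMPLE_FEED = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-31489,https://securityvulnerability.io/vulnerability/CVE-2024-31489,Improper Certificate Validation in FortiClient ZTNA Tunnel Setup,"Remote unauthenticated MITM during ZTNA tunnel creation.",Fortinet,"Forticlientmac,Forticlientems,Forticlientlinux,Forticlientwindows",8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-10T14:37:48.066Z,0
CVE-2019-17658,https://securityvulnerability.io/vulnerability/CVE-2019-17658,Unquoted Service Path Vulnerability in FortiClient Windows by Fortinet,Unquoted service path in the FortiTray component.,Fortinet,Forticlientwindows,9.8,CRITICAL,0.002219999907538295,false,,false,false,true,2020-03-11T11:58:24.000Z,true,false,false,,2020-03-12T21:26:00.000Z,0
CVE-2017-7344,https://securityvulnerability.io/vulnerability/CVE-2017-7344,,"Privilege escalation via the Windows ""security alert"" dialog
when ""VPN before logon"" is enabled.",Fortinet,Forticlientwindows,8.1,HIGH,0.008469999767839909,false,,false,false,false,,,false,false,,2017-12-14T18:29:00.000Z,0
'''


@dataclass
class Vuln:
    cve: str
    description: str
    score: float
    severity: str
    epss: float
    cisa: bool       # listed in CISA KEV
    exploited: bool  # exploitation observed
    poc: bool        # public proof of concept
    products: tuple


def _flag(value):
    # The feed writes booleans as "true"/"false" but leaves some cells empty
    # (for example poc on older rows); an empty cell is treated as False.
    return (value or "").strip().lower() == "true"


def parse_feed(text):
    """Parse the export into Vuln records. csv handles quoted newlines and "" escapes."""
    reader = csv.DictReader(io.StringIO(text))
    vulns = []
    for row in reader:
        vulns.append(Vuln(
            cve=row["cve"],
            description=row["description"],
            score=float(row["score"] or 0),
            severity=row["severity"],
            epss=float(row["epss"] or 0),
            cisa=_flag(row["cisa"]),
            exploited=_flag(row["exploited"]),
            poc=_flag(row["poc"]),
            # products is itself a comma-separated list inside one quoted cell
            products=tuple(p.strip() for p in row["products"].split(",") if p.strip()),
        ))
    return vulns


def triage_key(v):
    # Assumed ordering for this example: evidence of real-world exploitation
    # outranks the CVSS base score; EPSS breaks ties between equal scores.
    return (v.cisa, v.exploited, v.poc, v.score, v.epss)


def triage(vulns):
    """Return the records ordered from most to least urgent."""
    return sorted(vulns, key=triage_key, reverse=True)


def affects_windows(v):
    return "Forticlientwindows" in v.products


if __name__ == "__main__":
    for v in triage(parse_feed(SAMPLE_FEED)):
        flags = "".join(c for c, on in (("K", v.cisa), ("X", v.exploited), ("P", v.poc)) if on)
        print(f"{v.cve:<15} {v.severity:<8} {v.score:>4} epss={v.epss:.5f} {flags}")
```

Run against the full export, the sort puts CVE-2019-17658 first because it is the only record with exploited and poc set, even though several rows share its HIGH/CRITICAL band; among the two 8.1 HIGH rows in the sample, EPSS decides the order.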