cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,"Insufficient Data Verification in Fortinet’s FortiClient, FortiMail, and FortiOS Products","Fortinet has identified a vulnerability within its FortiClient, FortiMail, and FortiOS products that stems from inadequate verification of data authenticity. This flaw can be exploited by attackers who manipulate MIME attachments by introducing junk and pad characters in base64 encoding. As a result, the affected AV engines, specifically versions 6.2.168 and below, and 6.4.274 and below, may be circumvented, allowing potential unauthorized actions and data breaches. Users are urged to review the impact of this vulnerability and take appropriate measures.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2019-16150,https://securityvulnerability.io/vulnerability/CVE-2019-16150,Hard-Coded Cryptographic Key Vulnerability in FortiClient for Windows,"The vulnerability pertains to the use of a hard-coded cryptographic key in FortiClient for Windows, versions prior to 6.4.0. This flaw allows an attacker with access to the local storage or the configuration backup file to decrypt sensitive security data. The hard-coded nature of the key raises significant concerns about the confidentiality of encrypted information, making it imperative for users to upgrade to a patched version to mitigate risks associated with unauthorized data access.",Fortinet,Fortinet Forticlient For Windows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-04T12:27:29.000Z,0
CVE-2020-9291,https://securityvulnerability.io/vulnerability/CVE-2020-9291,Insecure Temporary File Vulnerability in FortiClient for Windows,"An Insecure Temporary File vulnerability exists in FortiClient for Windows versions up to 6.2.1, which could allow a local user to exploit the system. By exhausting the pool of temporary file names through a symbolic link attack, the user may achieve elevated privileges, potentially compromising system integrity and security. Users of the affected versions are advised to apply patches and take preventative measures to secure their systems.",Fortinet,Fortinet Forticlient For Windows,6.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-01T18:39:42.000Z,0
CVE-2020-9287,https://securityvulnerability.io/vulnerability/CVE-2020-9287,Unsafe Search Path Vulnerability in FortiClient EMS by Fortinet,"An unsafe search path vulnerability allows a local attacker who controls the directory containing the FortiClientEMSOnlineInstaller.exe to introduce malicious Filter Library DLL files. This could lead to unauthorized arbitrary code execution on the targeted system, posing significant security risks.",Fortinet,Fortinet Forticlient Ems,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-15T21:56:00.000Z,0
CVE-2020-9290,https://securityvulnerability.io/vulnerability/CVE-2020-9290,Unsafe Search Path vulnerability in FortiClient for Windows by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient for Windows online installer, where a local attacker can leverage control over the installer directory to execute arbitrary code. By placing malicious Filter Library DLL files in the directory where the FortiClient installers reside (FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe), an attacker can compromise the system, leading to potential data breaches and system instability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-15T21:52:05.000Z,0
CVE-2019-6692,https://securityvulnerability.io/vulnerability/CVE-2019-6692,Malicious DLL Preload Vulnerability in Fortinet FortiClient for Windows,"A malicious DLL preload vulnerability exists in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code by forging a malicious DLL. This flaw impacts FortiClient versions 6.2.0 and earlier, posing significant security risks to systems running vulnerable versions.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2019-10-24T13:46:16.000Z,0
CVE-2018-9193,https://securityvulnerability.io/vulnerability/CVE-2018-9193,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability exists in Fortinet FortiClient for Windows versions 6.0.4 and earlier. This flaw allows an attacker to execute unauthorized code or commands by exploiting the improper parsing of specific files. Attackers with local access could leverage this vulnerability to gain elevated privileges, potentially compromising sensitive information or system integrity. It is essential for users to update their FortiClient applications to mitigate such risks.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-05-30T16:27:54.000Z,0
CVE-2018-13368,https://securityvulnerability.io/vulnerability/CVE-2018-13368,Local Privilege Escalation Vulnerability in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet FortiClient for Windows versions 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection techniques. This could lead to unauthorized access and manipulation of system resources, posing a significant security risk to affected installations. Proper patching and security measures are recommended to mitigate the risk associated with this vulnerability.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:34.000Z,0
CVE-2018-9191,https://securityvulnerability.io/vulnerability/CVE-2018-9191,Local Privilege Escalation in Fortinet FortiClient for Windows,"A local privilege escalation vulnerability in Fortinet's FortiClient for Windows versions 6.0.4 and earlier can be leveraged by attackers to execute unauthorized commands or code. This occurs through a named pipe associated with the FortiClient update process, allowing exploitation if an attacker gains access to the affected system.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-30T16:27:18.000Z,0
CVE-2019-5589,https://securityvulnerability.io/vulnerability/CVE-2019-5589,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"An Unsafe Search Path vulnerability exists in the FortiClient Online Installer for Windows versions prior to 6.0.6. This flaw could be exploited by an unauthenticated remote attacker who has control over the directory containing FortiClientOnlineInstaller.exe, enabling them to execute arbitrary code on the affected system. The attacker can achieve this by uploading malicious .dll files into the installer's directory, leading to potential system compromise.",Fortinet,Fortinet Forticlient For Windows,7.8,HIGH,0.002300000051036477,false,,false,false,false,,,false,false,,2019-05-28T21:42:19.000Z,0
CVE-2016-8493,https://securityvulnerability.io/vulnerability/CVE-2016-8493,,"In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.",Fortinet,Fortinet Forticlient,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2017-06-26T17:00:00.000Z,0