cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,Man-in-the-middle Attack Vulnerability in Fortinet FortiClient Products,"The vulnerability arises from the use of hard-coded cryptographic keys in versions of FortiClientEMS and improper certificate validation in FortiClient for Windows, Linux, and Mac. This flawed implementation enables an unauthenticated and network-adjacent attacker to potentially execute a man-in-the-middle attack through the telemetry protocol, compromising secure communication between the EMS and FortiClient.",Fortinet,"Fortinet Forticlientems, Forticlientwindows, Forticlientlinux, Forticlientmac",8.2,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-12-16T18:13:38.000Z,0
CVE-2021-36189,https://securityvulnerability.io/vulnerability/CVE-2021-36189,Information Disclosure Vulnerability in Fortinet FortiClientEMS,"A vulnerability exists in Fortinet FortiClientEMS where sensitive data is not adequately encrypted, allowing attackers to access decrypted information through browser inspection in versions 6.4.4 and earlier, as well as in version 7.0.1 and below. This oversight poses significant risks for organizations relying on proper data protection measures.",Fortinet,Fortinet Forticlientems,6.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2021-12-09T09:10:03.000Z,0
CVE-2021-41030,https://securityvulnerability.io/vulnerability/CVE-2021-41030,Authentication Bypass in FortiClient EMS by Fortinet,"An authentication bypass vulnerability exists in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below, which could be exploited by an unauthenticated attacker. This flaw allows the attacker to impersonate existing users by intercepting and reusing valid SAML authentication messages, effectively bypassing authentication mechanisms and posing a significant risk to the security of the affected systems.",Fortinet,Fortinet Forticlientems,5.4,MEDIUM,0.00215999991632998,false,,false,false,false,,,false,false,,2021-12-08T17:51:12.000Z,0
CVE-2021-32592,https://securityvulnerability.io/vulnerability/CVE-2021-32592,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"This vulnerability revolves around an unsafe search path in FortiClient and FortiClientEMS, affecting multiple versions. An attacker could exploit this flaw by placing a malicious OpenSSL engine library in the search path, facilitating a DLL Hijack attack on the affected devices. Such an attack could potentially compromise sensitive information and the integrity of the system. Organizations using the impacted versions should assess their risk and apply necessary mitigations to safeguard their infrastructure.",Fortinet,"Fortinet Forticlientwindows, Forticlientems",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-12-01T11:27:11.000Z,0
CVE-2020-15940,https://securityvulnerability.io/vulnerability/CVE-2020-15940,Input Injection Vulnerability in FortiClientEMS by Fortinet,"An improper neutralization of input vulnerability allows a remote authenticated attacker to exploit vulnerable versions of FortiClientEMS by injecting malicious scripts or tags through the name parameter in various sections of the server. This vulnerability affects versions 6.4.1 and below and 6.2.9 and below, posing significant risks to web security and integrity.",Fortinet,Fortinet Forticlientems,4.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-11-02T17:49:37.000Z,0
CVE-2021-24019,https://securityvulnerability.io/vulnerability/CVE-2021-24019,Insufficient Session Expiration in FortiClientEMS by Fortinet,"FortiClientEMS versions 6.4.2 and below, as well as 6.2.8 and below, are affected by an insufficient session expiration vulnerability. This issue allows attackers to exploit unexpired session IDs of admin users, potentially granting them unauthorized administrative access. If an attacker can obtain these session IDs through various means, they may be able to reuse them, circumventing normal authentication mechanisms and gaining elevated privileges. Organizations using affected versions should take immediate action to update their systems to mitigate this risk.",Fortinet,Fortinet Forticlientems,8.1,HIGH,0.002219999907538295,false,,false,false,false,,,false,false,,2021-10-06T09:41:10.000Z,0
CVE-2020-15941,https://securityvulnerability.io/vulnerability/CVE-2020-15941,Path Traversal Vulnerability in FortiClientEMS by Fortinet,"A path traversal vulnerability exists in FortiClientEMS versions 6.4.1 and earlier, as well as in 6.2.8 and earlier. This issue allows authenticated attackers to exploit the vulnerability by injecting directory traversal character sequences. By manipulating the name parameter of Deployment Packages, attackers can potentially add or delete files on the server, leading to unauthorized file access and potential system compromise.",Fortinet,Fortinet Forticlientems,5.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2021-10-06T09:27:32.000Z,0