cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-41031,https://securityvulnerability.io/vulnerability/CVE-2021-41031,Relative Path Traversal Vulnerability in FortiClient for Windows,"A vulnerability exists in FortiClient for Windows that may allow an unprivileged local attacker to escalate privileges to SYSTEM-level access. This issue arises due to a relative path traversal vulnerability associated with the FortiESNAC service's named pipe. Exploitation of this vulnerability can give attackers increased permissions, posing significant risks to system integrity.",Fortinet,Fortinet Forticlientwindows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:40:12.000Z,0
CVE-2022-26113,https://securityvulnerability.io/vulnerability/CVE-2022-26113,Privilege Escalation Vulnerability in FortiClient by Fortinet,"A privilege escalation vulnerability exists in FortiClient for Windows versions ranging from 6.0.0 to 7.0.3. This flaw allows a local attacker to gain elevated privileges and perform arbitrary file write operations on the system. Exploiting this vulnerability could lead to unauthorized modifications to sensitive files, thereby compromising system integrity. It is crucial for users of affected versions to apply security updates promptly to mitigate potential risks.",Fortinet,Fortinet Forticlientwindows,7.7,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-07-18T16:36:04.000Z,0
CVE-2021-43066,https://securityvulnerability.io/vulnerability/CVE-2021-43066,File Path Control Vulnerability in Fortinet FortiClient Software,A vulnerability exists in Fortinet FortiClient for Windows that allows an attacker to exploit external control over file names or paths. This issue affects multiple versions and can lead to privilege escalation through the MSI installer process.,Fortinet,Fortinet Forticlientwindows,8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-11T15:40:10.000Z,0
CVE-2021-44169,https://securityvulnerability.io/vulnerability/CVE-2021-44169,Improper Initialization Vulnerability in Fortinet FortiClient for Windows,"An improper initialization vulnerability in Fortinet's FortiClient for Windows allows attackers to gain administrative privileges by placing a malicious executable within the directory of the FortiClient installer. This can potentially lead to unauthorized control over the system, posing significant security risks to users. It is crucial for affected users to follow the guidelines provided by Fortinet to address this vulnerability and mitigate the risk.",Fortinet,Fortinet Forticlientwindows,8.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-06T09:30:20.000Z,0
CVE-2021-41028,https://securityvulnerability.io/vulnerability/CVE-2021-41028,Man-in-the-middle Attack Vulnerability in Fortinet FortiClient Products,"The vulnerability arises from the use of hard-coded cryptographic keys in versions of FortiClientEMS and improper certificate validation in FortiClient for Windows, Linux, and Mac. This flawed implementation enables an unauthenticated and network-adjacent attacker to potentially execute a man-in-the-middle attack through the telemetry protocol, compromising secure communication between the EMS and FortiClient.",Fortinet,"Fortinet Forticlientems, Forticlientwindows, Forticlientlinux, Forticlientmac",8.2,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-12-16T18:13:38.000Z,0
CVE-2021-36167,https://securityvulnerability.io/vulnerability/CVE-2021-36167,Improper Authorization Vulnerability in FortiClient by Fortinet,"FortiClient, developed by Fortinet, is affected by an improper authorization vulnerability that allows attackers to bypass webfilter controls. In versions 7.0.0, 6.4.6 and earlier, as well as 6.2.8 and prior, an unauthenticated attacker may exploit this flaw by modifying the session-id parameter, which poses a risk to network security. Users of these versions should update their software to mitigate potential exploitation.",Fortinet,Fortinet Forticlientwindows,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-12-09T09:33:17.000Z,0
CVE-2021-43204,https://securityvulnerability.io/vulnerability/CVE-2021-43204,Denial of Service Vulnerability in Fortinet FortiClient Windows,"An improper control of a resource through its lifetime in Fortinet FortiClient for Windows allows attackers to manipulate directory access permissions, potentially leading to a complete denial of service of the application components. This vulnerability affects several versions, necessitating immediate attention to prevent exploitation.",Fortinet,Fortinet Forticlientwindows,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-09T09:04:29.000Z,0
CVE-2021-32592,https://securityvulnerability.io/vulnerability/CVE-2021-32592,Unsafe Search Path Vulnerability in FortiClient by Fortinet,"This vulnerability revolves around an unsafe search path in FortiClient and FortiClientEMS, affecting multiple versions. An attacker could exploit this flaw by placing a malicious OpenSSL engine library in the search path, facilitating a DLL Hijack attack on the affected devices. Such an attack could potentially compromise sensitive information and the integrity of the system. Organizations using the impacted versions should assess their risk and apply necessary mitigations to safeguard their infrastructure.",Fortinet,"Fortinet Forticlientwindows, Forticlientems",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-12-01T11:27:11.000Z,0
CVE-2021-36183,https://securityvulnerability.io/vulnerability/CVE-2021-36183,Improper Authorization Vulnerability in FortiClient for Windows by Fortinet,"An improper authorization vulnerability exists in FortiClient for Windows that may enable a local, unprivileged attacker to escalate their privileges to SYSTEM. This vulnerability arises from insufficient access controls on the named pipe responsible for FortiClient updates, potentially allowing exploits that compromise system integrity.",Fortinet,Fortinet Forticlientwindows,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-02T18:41:28.000Z,0
CVE-2019-17658,https://securityvulnerability.io/vulnerability/CVE-2019-17658,Unquoted Service Path Vulnerability in FortiClient Windows by Fortinet,An unquoted service path vulnerability exists in the FortiTray component of FortiClient for Windows. This flaw allows an attacker to leverage the executable path of the FortiClientConsole service to gain elevated privileges on affected systems running FortiClient versions 6.2.2 and earlier. Proper path quoting is essential to prevent unauthorized access and exploitation of this vulnerability.,Fortinet,Fortinet Forticlientwindows,9.8,CRITICAL,0.002219999907538295,false,,false,false,true,2020-03-11T11:58:24.000Z,true,false,false,,2020-03-12T21:26:00.000Z,0
CVE-2018-9190,https://securityvulnerability.io/vulnerability/CVE-2018-9190,,A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.,Fortinet,Fortinet Forticlientwindows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-02-08T19:29:00.000Z,0