4 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. • https://fortiguard.fortinet.com/psirt/FG-IR-24-199 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. • https://fortiguard.fortinet.com/psirt/FG-IR-24-205 • CWE-426: Untrusted Search Path •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. • https://fortiguard.fortinet.com/psirt/FG-IR-24-144 • CWE-270: Privilege Context Switching Error •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7.2.0 a 7.2.2, 7.0.0 a 7.0.11, FortiClientLinux 7.2.0, 7.0.0 a 7.0.11 y FortiClientMac 7.0.0 a 7.0.11, 7.2.0 a 7.2.4 puede permitir que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en el canal de comunicación entre FortiGate y FortiClient durante la creación del túnel ZTNA. • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •