NotCVE - vendor:"Fortinet" product:"FortiClientWindows" version:" >= 7.2.0 <= 7.2.5"

7 results (0.005 seconds)

CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-40586

https://notcve.org/view.php?id=CVE-2024-40586

11 Feb 2025 — An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. • https://fortiguard.fortinet.com/psirt/FG-IR-23-279 • CWE-284: Improper Access Control •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-50564

https://notcve.org/view.php?id=CVE-2024-50564

14 Jan 2025 — A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. • https://fortiguard.fortinet.com/psirt/FG-IR-24-216 • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2024-50570

https://notcve.org/view.php?id=CVE-2024-50570

18 Dec 2024 — A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector • https://fortiguard.fortinet.com/psirt/FG-IR-23-278 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-47574

https://notcve.org/view.php?id=CVE-2024-47574

13 Nov 2024 — A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. • https://fortiguard.fortinet.com/psirt/FG-IR-24-199 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-36507

https://notcve.org/view.php?id=CVE-2024-36507

12 Nov 2024 — A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. • https://fortiguard.fortinet.com/psirt/FG-IR-24-205 • CWE-426: Untrusted Search Path •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-36513

https://notcve.org/view.php?id=CVE-2024-36513

12 Nov 2024 — A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. • https://fortiguard.fortinet.com/psirt/FG-IR-24-144 • CWE-270: Privilege Context Switching Error •

CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2024-31489

https://notcve.org/view.php?id=CVE-2024-31489

10 Sep 2024 — AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7... • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •