19 results (0.017 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. Una autorización incorrecta en Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 y 6.0.0 - 6.0.10 permite a un atacante provocar denegación de servicio mediante envío una solicitud manipulada para una canalización con nombre específico. • https://fortiguard.com/psirt/FG-IR-22-299 • CWE-863: Incorrect Authorization •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiClient Windows 7.0.0 - 7.0.9 y 7.2.0 - 7.2.1 permite a un atacante omitir las protecciones del sistema mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-108 • CWE-798: Use of Hard-coded Credentials •

CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en FortiClient para Windows 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, Linux 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas y Mac 7.2.0 a 7.2.1, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, pueden permitir que un atacante local autenticado sin privilegios administrativos recupere la lista de archivos o carpetas excluidas del análisis de malware. • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. • https://fortiguard.com/psirt/FG-IR-22-229 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability. The specific flaw exists within the FortiClient Logging daemon. The product applies insufficient access controls to a sensitive pipe. A remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •