CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33304
https://notcve.org/view.php?id=CVE-2023-33304
14 Nov 2023 — A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiClient Windows 7.0.0 - 7.0.9 y 7.2.0 - 7.2.1 permite a un atacante omitir las protecciones del sistema mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-108 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41840
https://notcve.org/view.php?id=CVE-2023-41840
14 Nov 2023 — A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. Una vulnerabilidad de ruta de búsqueda no confiable en Fortinet FortiClientWindows 7.0.9 permite a un atacante realizar un ataque de DLL Hijack a través de una librería de motor OpenSSL malicioso en la ruta de búsqueda. • https://fortiguard.com/psirt/FG-IR-23-274 • CWE-426: Untrusted Search Path •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-37939
https://notcve.org/view.php?id=CVE-2023-37939
10 Oct 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencia... • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •