CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14184
https://notcve.org/view.php?id=CVE-2017-14184
15 Dec 2017 — An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Una vulnerabilidad de divulgación de información en Fortinet FortiClient for Windows 5.6.0 y anteriores, FortiClient for Mac OSX 5.6.0 y anteriores y FortiClient SSLVPN Client ... • http://www.securityfocus.com/bid/102123 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 2CVE-2017-7344 – Fortinet FortiClient Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7344
14 Dec 2017 — A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, así como la versión 5.6.0, permite que un atacante consiga privilegios explotando el diálogo de Windows "security alert" que aparece cuando la... • https://packetstorm.news/files/id/145611 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5735 – FortiClient Antivirus Information Exposure / Access Control
https://notcve.org/view.php?id=CVE-2015-5735
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permite a usuarios locales escribir a localizaciones de memoria arbitrarias a través de una llamada ioctl 0x226108. FortiClient drivers are pr... • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 4CVE-2015-5736 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5736
02 Sep 2015 — The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. Vulnerabilidad en el driver Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel mediante el establecimiento de la función callback en llamada ioctl en (1) 0x220024 o (2) 0x220028. FortiClient drivers ... • https://packetstorm.news/files/id/148811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5737 – FortiClient Antivirus Information Exposure / Access Control
https://notcve.org/view.php?id=CVE-2015-5737
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. Vulnerabilidad en los drivers (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys y (... • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-4077 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4077
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permiten a usuarios locales leer memoria del kernel arbitraria a través de una llamada ioctl 0x22608C. FortiClient drivers are prone to multiple atta... • https://packetstorm.news/files/id/148811 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1453
https://notcve.org/view.php?id=CVE-2015-1453
02 Feb 2015 — The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave pa... • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2013-4669
https://notcve.org/view.php?id=CVE-2013-4669
25 Jun 2013 — FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate proble... • http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html • CWE-255: Credentials Management Errors CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1262
https://notcve.org/view.php?id=CVE-2009-1262
07 Apr 2009 — Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Vulnerabilidad de formato de cadena en Fortinet FortiClient v3.0.614 y posiblemente versiones anteriores permite a usuarios locales ejecutar código de forma arbitraria a través de especificadores de formato de cadena en el nombre de la conexión VPN. • http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2005-4570
https://notcve.org/view.php?id=CVE-2005-4570
29 Dec 2005 — The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-366... • http://secunia.com/advisories/18446 •