CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14184
https://notcve.org/view.php?id=CVE-2017-14184
15 Dec 2017 — An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Una vulnerabilidad de divulgación de información en Fortinet FortiClient for Windows 5.6.0 y anteriores, FortiClient for Mac OSX 5.6.0 y anteriores y FortiClient SSLVPN Client ... • http://www.securityfocus.com/bid/102123 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 2CVE-2017-7344 – Fortinet FortiClient Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7344
14 Dec 2017 — A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, así como la versión 5.6.0, permite que un atacante consiga privilegios explotando el diálogo de Windows "security alert" que aparece cuando la... • https://packetstorm.news/files/id/145611 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8493
https://notcve.org/view.php?id=CVE-2016-8493
26 Jun 2017 — In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. En FortiClientWindows versiones 5.4.1 y 5.4.2, un atacante puede escalar privilegios por medio de una vulnerabilidad de FortiClientNamedPipe. • http://www.securityfocus.com/bid/101682 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5735 – FortiClient Antivirus Information Exposure / Access Control
https://notcve.org/view.php?id=CVE-2015-5735
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permite a usuarios locales escribir a localizaciones de memoria arbitrarias a través de una llamada ioctl 0x226108. FortiClient drivers are pr... • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 4CVE-2015-5736 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5736
02 Sep 2015 — The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. Vulnerabilidad en el driver Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel mediante el establecimiento de la función callback en llamada ioctl en (1) 0x220024 o (2) 0x220028. FortiClient drivers ... • https://packetstorm.news/files/id/148811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5737 – FortiClient Antivirus Information Exposure / Access Control
https://notcve.org/view.php?id=CVE-2015-5737
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. Vulnerabilidad en los drivers (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys y (... • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-4077 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4077
02 Sep 2015 — The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permiten a usuarios locales leer memoria del kernel arbitraria a través de una llamada ioctl 0x22608C. FortiClient drivers are prone to multiple atta... • https://packetstorm.news/files/id/148811 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1569
https://notcve.org/view.php?id=CVE-2015-1569
10 Feb 2015 — Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient 5.2.028 para iOS no valida los certyificados, lo que facilita a atacantes man-in-the-middle falsificar servidores VPN SSL a través de un certificado manipulado. • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 2CVE-2015-1570
https://notcve.org/view.php?id=CVE-2015-1570
10 Feb 2015 — The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. La implementación de protocolo Endpoint Control en Fortinet FortiClient 5.2.3.091 para Android y 5.2.028 para iOS no valida los certificados, lo que facilita a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1453
https://notcve.org/view.php?id=CVE-2015-1453
02 Feb 2015 — The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave pa... • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •