CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17652
https://notcve.org/view.php?id=CVE-2019-17652
06 Feb 2020 — A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. Una vulnerabilidad de desbordamiento del búfer de la pila en FortiClient para Linux versiones 6.2.1 y posteriores, puede permitir a un usuario con privilegios bajos causar que los proces... • https://danishcyberdefence.dk/blog/forticlient_linux • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15711
https://notcve.org/view.php?id=CVE-2019-15711
06 Feb 2020 — A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. Una vulnerabilidad de escalada de privilegios en FortiClient para Linux versiones 6.2.1 y posteriores, puede permitir a un usuario con privilegios bajos ejecutar comandos del sistema con privilegios de root mediante una inyección de peticiones del cliente IP... • https://danishcyberdefence.dk/blog/forticlient_linux •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17650
https://notcve.org/view.php?id=CVE-2019-17650
21 Nov 2019 — An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. Una Neutralización Inapropiada de Elementos Especiales utilizada en una vulnerabilidad de Comandos en uno de los procesos root de FortiClient para Mac OS, puede permitir a un usuario local del sistema en el que se está ejecutando FortiClient ejecu... • https://danishcyberdefence.dk/blog/forticlient_mac • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9195 – FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption
https://notcve.org/view.php?id=CVE-2018-9195
21 Nov 2019 — Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. El uso de una clave cri... • https://packetstorm.news/files/id/155463 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15704
https://notcve.org/view.php?id=CVE-2019-15704
21 Nov 2019 — A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. Una vulnerabilidad de almacenamiento información confidencial en texto sin cifrar en FortiClient para Mac, puede permitir a un atacante local leer información confidencial registrada en la ventana de la consola cuando el usuario se conecta a un SSL VPN Gateway. • https://fortiguard.com/advisory/FG-IR-19-227 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6692
https://notcve.org/view.php?id=CVE-2019-6692
24 Oct 2019 — A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. Una vulnerabilidad de precarga maliciosa de DLL en Fortinet FortiClient para Windows versión 6.2.0 y anteriores, permite a un atacante privilegiado realizar una ejecución de código arbitrario mediante la falsificación de esa DLL. • https://fortiguard.com/psirt/FG-IR-19-148 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9193
https://notcve.org/view.php?id=CVE-2018-9193
30 May 2019 — A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. Ua escalado de privilegios locales en Fortinet FortiClient para Windows 6.0.4 y versiones anteriores permite al atacante ejecutar código o comandos no autorizados a través del análisis del archivo A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of thes... • https://fortiguard.com/advisory/FG-IR-18-108 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13368
https://notcve.org/view.php?id=CVE-2018-13368
30 May 2019 — A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. una escaldada local de privilegios Fortinet FortiClient para Windows 6.0.4 y versiones anteriores permite al atacante ejecutar código o comandos no autorizados a través de la inyección de comandos. • https://fortiguard.com/advisory/FG-IR-18-108 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9191
https://notcve.org/view.php?id=CVE-2018-9191
30 May 2019 — A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. Un escalada local de privilegios en Fortinet FortiClient para Windows 6.0.4 y versiones anteriores permite a los atacantes ejecutar códigos o comandos no autorizados a través de la canalización con nombre responsable de las actualizaciones de Forticlient. • https://fortiguard.com/advisory/FG-IR-18-108 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5589
https://notcve.org/view.php?id=CVE-2019-5589
28 May 2019 — An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. Una vulnerabilidad de ruta de búsqueda insegura en el instalador en línea de FortiClient (versión de Windows anterior a 6.0.6) puede permitir que un atacante remoto no identificado con control ... • https://fortiguard.com/advisory/FG-IR-19-060 • CWE-426: Untrusted Search Path •