Page 6 of 28 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permite a usuarios locales escribir a localizaciones de memoria arbitrarias a través de una llamada ioctl 0x226108. • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www.securityfocus.com/archive/1/536369/100/0/threaded http://www.securitytracker.com/id/1033439 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave para descifrar datos en las preferencias compartidas 'Shared Preferences'. • http://seclists.org/fulldisclosure/2015/Jan/124 http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf http://www.securityfocus.com/bid/72383 • CWE-310: Cryptographic Issues •

CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. FortiClient antes de v4.3.5.472 en Windows, antes v4.0.3.134 en Mac OS X, y antes en Android v4.0, FortiClient Lite antes de v4.3.4.461 para Windows, FortiClient Lite v2.0 hasta v2.0.0223 en Android, y FortiClient SSL VPN antes de v4.0.2258 en Linux continua con una sesión de SSL después de determinar que el certificado X.509 del servidor no es válido, lo que permite a atacantes man-in-the-middle obtener información sensible mediante el aprovechamiento de una transmisión con contraseña que se produce antes de la advertencia usuario sobre el problema de certificado. • http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html http://objectif-securite.ch/forticlient_bulletin.php http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN http://www.securityfocus.com/bid/59604 • CWE-255: Credentials Management Errors CWE-310: Cryptographic Issues •