CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1569
https://notcve.org/view.php?id=CVE-2015-1569
10 Feb 2015 — Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient 5.2.028 para iOS no valida los certyificados, lo que facilita a atacantes man-in-the-middle falsificar servidores VPN SSL a través de un certificado manipulado. • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 2CVE-2015-1570
https://notcve.org/view.php?id=CVE-2015-1570
10 Feb 2015 — The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. La implementación de protocolo Endpoint Control en Fortinet FortiClient 5.2.3.091 para Android y 5.2.028 para iOS no valida los certificados, lo que facilita a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1453
https://notcve.org/view.php?id=CVE-2015-1453
02 Feb 2015 — The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave pa... • http://seclists.org/fulldisclosure/2015/Jan/124 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2013-4669
https://notcve.org/view.php?id=CVE-2013-4669
25 Jun 2013 — FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate proble... • http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html • CWE-255: Credentials Management Errors CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1262
https://notcve.org/view.php?id=CVE-2009-1262
07 Apr 2009 — Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Vulnerabilidad de formato de cadena en Fortinet FortiClient v3.0.614 y posiblemente versiones anteriores permite a usuarios locales ejecutar código de forma arbitraria a través de especificadores de formato de cadena en el nombre de la conexión VPN. • http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0779
https://notcve.org/view.php?id=CVE-2008-0779
14 Feb 2008 — The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. El controlador de dispositivo fortimon.sys en Fortinet FortiClient Host Security versión 3.0 MR5 Parche 3 y versiones anteriores, no inicializa apropiadamente su DeviceExtension, lo que permite a los usuarios locales acceder a la memoria del kernel y ejecutar código... • http://kc.forticare.com/default.asp?id=3618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2005-4570
https://notcve.org/view.php?id=CVE-2005-4570
29 Dec 2005 — The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-366... • http://secunia.com/advisories/18446 •