CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-17543
https://notcve.org/view.php?id=CVE-2017-17543
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. Las credenciales de autenticación de VPN de los usuarios se cifran de manera no segura en Fortinet FortiClient para Windows en versiones 5.6.0 y anteriores, FortiClient para Mac OSX en versiones 5.6.0 y anteriores y FortiClient SSLVPN Client para Linux en versiones 4.4.2335 y anteriores, debido a la uso de una clave de cifrado estático y algoritmos de cifrado débiles. • https://fortiguard.com/advisory/FG-IR-17-214 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14184
https://notcve.org/view.php?id=CVE-2017-14184
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Una vulnerabilidad de divulgación de información en Fortinet FortiClient for Windows 5.6.0 y anteriores, FortiClient for Mac OSX 5.6.0 y anteriores y FortiClient SSLVPN Client for Linux 4.4.2334 y anteriores permite que usuarios regulares vean las credenciales de autenticación de VPN de otros usuarios. Esto se debe a las ubicaciones de almacenamiento indebidamente aseguradas. • http://www.securityfocus.com/bid/102123 https://fortiguard.com/advisory/FG-IR-17-214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7344 – Fortinet FortiClient Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7344
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. Una escalada de privilegios en Fortinet FortiClient Windows en versiones 5.4.3 y anteriores, así como la versión 5.6.0, permite que un atacante consiga privilegios explotando el diálogo de Windows "security alert" que aparece cuando la característica "VPN before logon" está habilitada y se conecta un certificado no fiable. Fortinet FortiClient Windows suffers from a privilege escalation vulnerability at logon. • http://www.securityfocus.com/bid/102176 https://fortiguard.com/advisory/FG-IR-17-070 https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8493
https://notcve.org/view.php?id=CVE-2016-8493
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. En FortiClientWindows versiones 5.4.1 y 5.4.2, un atacante puede escalar privilegios por medio de una vulnerabilidad de FortiClientNamedPipe. • http://www.securityfocus.com/bid/101682 https://fortiguard.com/psirt/FG-IR-16-095 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-5736 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5736
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. Vulnerabilidad en el driver Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel mediante el establecimiento de la función callback en llamada ioctl en (1) 0x220024 o (2) 0x220028. Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45149 https://www.exploit-db.com/exploits/41722 https://www.exploit-db.com/exploits/41721 http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www&# • CWE-264: Permissions, Privileges, and Access Controls •