CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40586
https://notcve.org/view.php?id=CVE-2024-40586
11 Feb 2025 — An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. • https://fortiguard.fortinet.com/psirt/FG-IR-23-279 • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50564
https://notcve.org/view.php?id=CVE-2024-50564
14 Jan 2025 — A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. • https://fortiguard.fortinet.com/psirt/FG-IR-24-216 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50570
https://notcve.org/view.php?id=CVE-2024-50570
18 Dec 2024 — A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector • https://fortiguard.fortinet.com/psirt/FG-IR-23-278 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47574
https://notcve.org/view.php?id=CVE-2024-47574
13 Nov 2024 — A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. • https://fortiguard.fortinet.com/psirt/FG-IR-24-199 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36507
https://notcve.org/view.php?id=CVE-2024-36507
12 Nov 2024 — A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. • https://fortiguard.fortinet.com/psirt/FG-IR-24-205 • CWE-426: Untrusted Search Path •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36513
https://notcve.org/view.php?id=CVE-2024-36513
12 Nov 2024 — A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. • https://fortiguard.fortinet.com/psirt/FG-IR-24-144 • CWE-270: Privilege Context Switching Error •
CVSS: 5.9EPSS: 0%CPEs: 32EXPL: 0CVE-2022-45856
https://notcve.org/view.php?id=CVE-2022-45856
10 Sep 2024 — An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the F... • https://fortiguard.fortinet.com/psirt/FG-IR-22-230 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-31489
https://notcve.org/view.php?id=CVE-2024-31489
10 Sep 2024 — AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7... • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •