NotCVE - vendor:"Fortinet" product:"FortiClientWindows" version:" >= 7.2.0 <= 7.2.4"

4 results (0.028 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-47574

https://notcve.org/view.php?id=CVE-2024-47574

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. • https://fortiguard.fortinet.com/psirt/FG-IR-24-199 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-36507

https://notcve.org/view.php?id=CVE-2024-36507

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. • https://fortiguard.fortinet.com/psirt/FG-IR-24-205 • CWE-426: Untrusted Search Path •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-36513

https://notcve.org/view.php?id=CVE-2024-36513

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. • https://fortiguard.fortinet.com/psirt/FG-IR-24-144 • CWE-270: Privilege Context Switching Error •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2024-31489

https://notcve.org/view.php?id=CVE-2024-31489

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7.2.0 a 7.2.2, 7.0.0 a 7.0.11, FortiClientLinux 7.2.0, 7.0.0 a 7.0.11 y FortiClientMac 7.0.0 a 7.0.11, 7.2.0 a 7.2.4 puede permitir que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en el canal de comunicación entre FortiGate y FortiClient durante la creación del túnel ZTNA. • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •