CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47534
https://notcve.org/view.php?id=CVE-2023-47534
12 Mar 2024 — A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. Una neutralización inadecuada de elementos de fórmula en un archivo csv en Fortinet FortiClientEMS versión 7.2.0 hasta 7.2.2, 7.0.0 hasta 7.0.10, 6.4.0 hasta 6.4.9, 6.2.0 hasta 6.2.9, 6.0.0 hasta 6.0.8 permite al atacante ej... • https://fortiguard.com/psirt/FG-IR-23-390 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 2CVE-2023-48788 – Fortinet FortiClient EMS SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-48788
12 Mar 2024 — A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. Una neutralización inadecuada de elementos especiales utilizados en un comando sql ("inyección sql") en Fortinet FortiClientEMS versión 7.2.0 a 7.2.2, FortiClientEMS 7.0.1 a 7.0.10 permite a un atacante ejecutar código o comandos no autorizados ... • https://packetstorm.news/files/id/178230 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45581
https://notcve.org/view.php?id=CVE-2023-45581
15 Feb 2024 — An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. Una vulnerabilidad de administración de privilegios inadecuada [CWE-269] en Fortinet FortiClientEMS versión 7.2.0 a 7.2.2 y anteriores a 7.0.10 permite a un administrador del sitio con privilegios de superadministrador real... • https://fortiguard.com/psirt/FG-IR-23-357 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40681
https://notcve.org/view.php?id=CVE-2022-40681
14 Nov 2023 — A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. Una autorización incorrecta en Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 y 6.0.0 - 6.0.10 permite a un atacante provocar denegación de servicio mediante envío una solicitud manipulada para una canalización con nombre específico. • https://fortiguard.com/psirt/FG-IR-22-299 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33304
https://notcve.org/view.php?id=CVE-2023-33304
14 Nov 2023 — A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiClient Windows 7.0.0 - 7.0.9 y 7.2.0 - 7.2.1 permite a un atacante omitir las protecciones del sistema mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-108 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41840
https://notcve.org/view.php?id=CVE-2023-41840
14 Nov 2023 — A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. Una vulnerabilidad de ruta de búsqueda no confiable en Fortinet FortiClientWindows 7.0.9 permite a un atacante realizar un ataque de DLL Hijack a través de una librería de motor OpenSSL malicioso en la ruta de búsqueda. • https://fortiguard.com/psirt/FG-IR-23-274 • CWE-426: Untrusted Search Path •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-37939
https://notcve.org/view.php?id=CVE-2023-37939
10 Oct 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencia... • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44172
https://notcve.org/view.php?id=CVE-2021-44172
13 Sep 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. Una vulnerabilidad de exposición de información sensible a un actor no autorizado [CWE-200] en FortiClientEMS versiones 7.0.0 a 7.0.4, 7.0.6 a 7.0.7, en todas las versiones de interfaz de adm... • https://fortiguard.com/psirt/FG-IR-21-244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-33877
https://notcve.org/view.php?id=CVE-2022-33877
13 Jun 2023 — An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. • https://fortiguard.com/psirt/FG-IR-22-229 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43946 – Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43946
11 Apr 2023 — Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit th... • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •