CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40681
https://notcve.org/view.php?id=CVE-2022-40681
14 Nov 2023 — A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. Una autorización incorrecta en Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 y 6.0.0 - 6.0.10 permite a un atacante provocar denegación de servicio mediante envío una solicitud manipulada para una canalización con nombre específico. • https://fortiguard.com/psirt/FG-IR-22-299 • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-37939
https://notcve.org/view.php?id=CVE-2023-37939
10 Oct 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencia... • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43946 – Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43946
11 Apr 2023 — Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit th... • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42470
https://notcve.org/view.php?id=CVE-2022-42470
11 Apr 2023 — A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-320 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40682
https://notcve.org/view.php?id=CVE-2022-40682
11 Apr 2023 — A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-336 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22635
https://notcve.org/view.php?id=CVE-2023-22635
11 Apr 2023 — A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade. • https://fortiguard.com/psirt/FG-IR-22-481 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41031
https://notcve.org/view.php?id=CVE-2021-41031
18 Jul 2022 — A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. Una vulnerabilidad de salto de ruta relativa [CWE-23] en FortiClient para Windows versiones 7.0.2 y anteriores, 6.4.6 y anteriores y 6.2.9 y anteriores, puede permitir a un atacante local no privilegiado escalar sus privilegios a SYSTEM por... • https://fortiguard.com/advisory/FG-IR-21-190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26113
https://notcve.org/view.php?id=CVE-2022-26113
18 Jul 2022 — An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. Una vulnerabilidad de ejecución con privilegios no necesarios [CWE-250] en FortiClientWindows versiones 7.0.0 hasta 7.0.3, 6.4.0 hasta 6.4.7, 6.2.0 hasta 6.2.9, 6.0.0 hasta 6.0.10, puede permitir a un atacante local llevar a cabo una escritura arbitraria de archiv... • https://fortiguard.com/psirt/FG-IR-22-044 • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43066
https://notcve.org/view.php?id=CVE-2021-43066
11 May 2022 — A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. Un control externo de nombre de archivo o ruta en Fortinet FortiClientWindows versiones 7.0.2 y anteriores, versiones 6.4.6 y anteriores, versiones 6.2.9 y anteriores, versiones 6.0.10 y anteriores, permite a un atacante escalar privilegios por medio del instalador MSI • https://fortiguard.com/advisory/FG-IR-21-154 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44167
https://notcve.org/view.php?id=CVE-2021-44167
11 May 2022 — An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. Una asignación incorrecta de permisos para la vulnerabilidad de recursos críticos [CWE-732] en FortiClient para Linux versión 6.0.8 y anteriores, 6.2.9 y anteriores, 6.4.7 y anteriores, 7.0.2 y anteriores, puede ... • https://fortiguard.com/psirt/FG-IR-21-232 • CWE-732: Incorrect Permission Assignment for Critical Resource •