CVE-2022-40681
https://notcve.org/view.php?id=CVE-2022-40681
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. Una autorización incorrecta en Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 y 6.0.0 - 6.0.10 permite a un atacante provocar denegación de servicio mediante envío una solicitud manipulada para una canalización con nombre específico. • https://fortiguard.com/psirt/FG-IR-22-299 • CWE-863: Incorrect Authorization •
CVE-2023-37939
https://notcve.org/view.php?id=CVE-2023-37939
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en FortiClient para Windows 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, Linux 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas y Mac 7.2.0 a 7.2.1, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, pueden permitir que un atacante local autenticado sin privilegios administrativos recupere la lista de archivos o carpetas excluidas del análisis de malware. • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-43946 – Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability. The specific flaw exists within the FortiClient Logging daemon. The product applies insufficient access controls to a sensitive pipe. A remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-42470
https://notcve.org/view.php?id=CVE-2022-42470
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-320 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2022-40682
https://notcve.org/view.php?id=CVE-2022-40682
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-336 • CWE-863: Incorrect Authorization •