CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40681
https://notcve.org/view.php?id=CVE-2022-40681
14 Nov 2023 — A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. Una autorización incorrecta en Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 y 6.0.0 - 6.0.10 permite a un atacante provocar denegación de servicio mediante envío una solicitud manipulada para una canalización con nombre específico. • https://fortiguard.com/psirt/FG-IR-22-299 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33304
https://notcve.org/view.php?id=CVE-2023-33304
14 Nov 2023 — A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiClient Windows 7.0.0 - 7.0.9 y 7.2.0 - 7.2.1 permite a un atacante omitir las protecciones del sistema mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-108 • CWE-798: Use of Hard-coded Credentials •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-37939
https://notcve.org/view.php?id=CVE-2023-37939
10 Oct 2023 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. Una exposición de información confidencia... • https://fortiguard.com/psirt/FG-IR-22-235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-33877
https://notcve.org/view.php?id=CVE-2022-33877
13 Jun 2023 — An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. • https://fortiguard.com/psirt/FG-IR-22-229 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43946 – Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43946
11 Apr 2023 — Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit th... • https://fortiguard.com/psirt/FG-IR-22-429 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42470
https://notcve.org/view.php?id=CVE-2022-42470
11 Apr 2023 — A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-320 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40682
https://notcve.org/view.php?id=CVE-2022-40682
11 Apr 2023 — A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. • https://fortiguard.com/psirt/FG-IR-22-336 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22635
https://notcve.org/view.php?id=CVE-2023-22635
11 Apr 2023 — A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade. • https://fortiguard.com/psirt/FG-IR-22-481 • CWE-494: Download of Code Without Integrity Check •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33878
https://notcve.org/view.php?id=CVE-2022-33878
02 Nov 2022 — An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal. Una exposición de información sensible a una vulnerabilidad de un actor no autorizado [CWE-200] en FortiClient para Mac versiones 7.0.0 a 7.0.5 puede permitir que un atacante autenticado local obtenga la contraseña SSL-VPN... • https://fortiguard.com/psirt/FG-IR-22-246 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41031
https://notcve.org/view.php?id=CVE-2021-41031
18 Jul 2022 — A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. Una vulnerabilidad de salto de ruta relativa [CWE-23] en FortiClient para Windows versiones 7.0.2 y anteriores, 6.4.6 y anteriores y 6.2.9 y anteriores, puede permitir a un atacante local no privilegiado escalar sus privilegios a SYSTEM por... • https://fortiguard.com/advisory/FG-IR-21-190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •