855 matches found
CVE-2019-17650
An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...
CVE-2019-15704
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...
CVE-2019-16152
A Denial of Service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted IPC client requests to the fctsched process, due to the nanomsg not being correctly...
CVE-2019-15711
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process...
Fortinet FortiClient EMS < 7.4.3 Path Traversal (FG-IR-24-552)
A Relative Path Traversal vulnerability (CWE-23) in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. Note that Nessus has not tested for this issue...
Fortinet FortiClient Code Execution due to Node.JS Environment Variable (FG-IR-24-025) (macOS)
The version of FortiClient installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-025 advisory. - An improper isolation or compartmentalization vulnerability (CWE-653) in FortiClientMac version 7.4.2 and below, version...
Fortinet FortiClient Local privilege escalation in XPC services (FG-IR-25-016) (macOS)
The version of FortiClient installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-016 advisory. - An Incorrect Authorization vulnerability (CWE-863) in FortiClient Mac may allow a local attacker to escalate privileges via...
PT-2025-23068 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: FortiClient Mac versions 7.0.0 through 7.0.14; FortiClient Mac versions 7.2.0 through 7.2.8; FortiClient Mac versions 7.4.0 through 7.4.2. Description: The issue is related to an Incorrect Authorization vulnerability that may allow a local...
PT-2025-23067
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions 7.2.0 through 7.2.1. Description: The issue allows an unauthorized remote attacker to view application information by navigating to a hosted webpage, if Windows is configured to accept incoming connections to...
Fortinet FortiClient Index of FCT installation directory publicly accessible (FG-IR-24-548)
The version of FortiClient installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-548 advisory. - An Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability (CWE-497) in FortiClientWindows...
The server for managing Fortinet FortiClient Enterprise Management Server is vulnerable. This vulnerability stems from the lack of security measures taken to protect the website structure, allowing attackers to send messages containing JavaScript code.
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to send messages containing JavaScript code via a specially created link...
Fortinet FortiClient Cross-Site Scripting Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient suffers from a cross-site scripting...
Fortinet FortiClient EMS 7.2.x / 7.4.x < 7.4.3 XSS (FG-IR-23-344)
The version of Fortinet FortiClient EMS installed on the remote host is 7.2.1 through 7.2.9 or 7.4.x prior to 7.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-344 advisory: - An improper neutralization of input during web page generation 'Cross-site Scripting'...
CVE-2025-22855
An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing JavaScript code...
CVE-2025-22855
Fortinet FortiClient EMS (FortiClient EMS) suffers a Cross-site Scripting (CWE-79) flaw due to improper input neutralization during web page generation. Affected versions include FortiClient EMS before 7.4.1 (per Fortinet/FG-IR-23-344) and FortiClient EMS 7.2.x/7.4.x up to 7.4.3 (per Nessus FG-IR...
Fortinet FortiClient Cross-Site Scripting Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient suffers from a cross-site scripting...
The vulnerability of the Command Line Interface (CLI) of the Fortinet FortiClient security device allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Command Line Interface (CLI) of the Fortinet FortiClient security device is related to the storage of critical information in an open manner. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the protected information...