855 matches found

OSV
added 2024/11/12 7:15 p.m. · 1 views

CVE-2024-40592

An improper verification of cryptographic signature vulnerability CWE-347 in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition...

CVSS 6.7 · AI score 5.8 · EPSS 0.00133
Exploits: 0 · References: 1
NVD
added 2024/11/12 7:15 p.m. · 32 views

CVE-2024-40592

An improper verification of cryptographic signature vulnerability CWE-347 in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition...

CVSS 7.5 · EPSS 0.00133
Exploits: 0 · References: 1
OSV
added 2024/11/12 7:15 p.m. · 1 views

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVSS 8.8 · AI score 5.8 · EPSS 0.00219
Exploits: 0 · References: 1
NVD
added 2024/11/12 7:15 p.m. · 18 views

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVSS 8.8 · EPSS 0.00219
Exploits: 0 · References: 1
Cvelist
added 2024/11/12 6:53 p.m. · 16 views

CVE-2024-40592

An improper verification of cryptographic signature vulnerability CWE-347 in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition...

CVSS 7.5 · EPSS 0.00133
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/12 6:53 p.m. · 17 views

CVE-2024-40592

An improper verification of cryptographic signature vulnerability CWE-347 in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition...

CVSS 7.5 · AI score 6.5 · EPSS 0.00133
Exploits: 0 · References: 1
CVE
added 2024/11/12 6:53 p.m. · 57 views

CVE-2024-40592

Summary: CVE-2024-40592 affects FortiClient for macOS. FortiClient MacOS versions 7.4.0, 7.2.4 and below, 7.0.10 and below, 6.4.10 and below are vulnerable due to improper verification of a cryptographic signature, which may allow a local authenticated attacker to swap the installer with a malici...

CVSS 7.5 · AI score 6.6 · EPSS 0.00133
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/11/12 6:53 p.m. · 17 views

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVSS 8.2 · EPSS 0.00219
Exploits: 0 · References: 1
CVE
added 2024/11/12 6:53 p.m. · 54 views

CVE-2024-36513

CVE-2024-36513 describes a privilege context switching error (CWE-270) in FortiClient for Windows. Publicly documented affected versions include FortiClient Windows 7.2.4 and below, 7.0.12 and below, and 6.4 across all versions, where an authenticated user may escalate privileges via lua auto pat...

CVSS 8.8 · AI score 7.1 · EPSS 0.00219
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/11/12 6:53 p.m. · 19 views

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVSS 8.2 · AI score 7.1 · EPSS 0.00219
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/12 12:0 a.m. · 6 views

PT-2024-27041 · Fortinet · Forticlientwindows

Name of the Vulnerable Software and Affected Versions: FortiClient Windows versions 7.2.4 and below FortiClient Windows version 7.0.12 and below FortiClient Windows version 6.4 Description: A privilege context switching error vulnerability in FortiClient Windows may allow an authenticated user to...

CVSS 8.8 · AI score 7.3 · EPSS 0.00219
Exploits: 0 · References: 8
CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Fortinet FortiClient Data Forgery Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. The Fortinet FortiClient is vulnerable to a data forgery...

CVSS 7.5 · AI score 6.8 · EPSS 0.00133
Exploits: 0 · References: 3
CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Fortinet FortiClient Security Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet...

CVSS 8.8 · AI score 6.6 · EPSS 0.00219
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-8517 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: FortiClient MacOS versions 7.4.0, 7.2.4 and below, 7.0.10 and below, 6.4.10 and below Description: The issue is related to an improper verification of cryptographic signature, which may allow a local authenticated attacker to swap the install...

CVSS 7.5 · AI score 6.6 · EPSS 0.00133
Exploits: 0 · References: 5
Tenable Nessus
added 2024/11/12 12:0 a.m. · 10 views

Fortinet FortiClient Named Pipes Improper Access Control (FG-IR-24-199)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-199 advisory. - An authentication bypass using an alternate path or channel vulnerability CWE-288 in FortiClient Windows may allow a low...

CVSS 7.8 · AI score 7.7 · EPSS 0.00462
Exploits: 0 · References: 2
Tenable Nessus
added 2024/11/12 12:0 a.m. · 12 views

Fortinet FortiClient Privilege escalation via lua auto patch function (FG-IR-24-144)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-144 advisory. - A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12...

CVSS 8.8 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 2
Tenable Nessus
added 2024/11/12 12:0 a.m. · 13 views

Fortinet FortiClient Online Installer DLL Hijacking (FG-IR-24-205)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-205 advisory. - An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12...

CVSS 7.8 · AI score 6.1 · EPSS 0.00282
Exploits: 0 · References: 2
Tenable Nessus
added 2024/11/12 12:0 a.m. · 15 views

Fortinet FortiClient - Missing signature verification (FG-IR-24-022) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-022 advisory. - An improper verification of cryptographic signature vulnerability CWE-347 in FortiClient MacOS version 7.4.0, version 7.2...

CVSS 7.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 2
Tenable Nessus
added 2024/10/27 12:0 a.m. · 6 views

Fortinet FortiClient stores the SSLVPN password in cleartext (FG-IR-22-246) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-246 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Mac versions 7.0.0...

CVSS 5.5 · AI score 5.7 · EPSS 0.00143
Exploits: 0 · References: 2
Tenable Nessus
added 2024/10/26 12:0 a.m. · 8 views

Fortinet FortiClient Insecure Temporary File (CWE-377) vulnerability (FG-IR-20-040)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-040 advisory. - An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevat...

CVSS 7.8 · AI score 7.1 · EPSS 0.00506
Exploits: 0 · References: 2