855 matches found
Fortinet FortiClient - Lack of client-side certificate validation in ZTNA service (FG-IR-22-282)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-282 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11...
Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...
PT-2024-9823 · Fortinet · Forticlientmac +3
Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2 FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0 FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...
PT-2024-9819 · Fortinet · Forticlientwindows +4
Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 6.4 through 7.0.7 FortiClientMac versions 6.4 through 7.2.4 FortiClientLinux versions 6.4 through 7.2.4 FortiClientAndroid versions 6.4 through 7.2.0 FortiClientiOS versions 5.6 through 7.0.6 Description: The issue...
Fortinet FortiClient - Lack of client-side certificate validation in ZTNA service (FG-IR-22-282) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-282 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11...
Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...
Fortinet FortiClient Telemetry protocol is vulnerable to a MitM (FG-IR-21-075)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-075 advisory. - A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and...
Fortinet FortiClient in OpenSSL library (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for...
Fortinet FortiClient Web filter bypass (FG-IR-20-127)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-127 advisory. - An improper authorization vulnerability CWE-285 in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and...
Fortinet FortiClient DoS due to folder access permission change (FG-IR-21-167)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-167 advisory. - An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2...
Fortinet FortiClient Telemetry protocol is vulnerable to a MitM (FG-IR-21-075) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-075 advisory. - A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and...
Fortinet FortiClient Arbitrary file write as SYSTEM (FG-IR-22-044)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-044 advisory. - An execution with unnecessary privileges vulnerability CWE-250 in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through...
Fortinet FortiClient in OpenSSL library (FG-IR-22-059) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for...
Fortinet FortiClient Information disclosure of folders to exclude from scanning (FG-IR-22-235) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Windows 7.2.0, 7.0...
Fortinet FortiClient DLL Hijacking via openssl.cnf (FG-IR-23-274)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-274 advisory. - An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack...
Fortinet FortiClient Arbitrary file deletion from unprivileged users (FG-IR-22-299)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-299 advisory. - An incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10...
Fortinet FortiClient Information disclosure of folders to exclude from scanning (FG-IR-22-235)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Windows 7.2.0, 7.0...
Fortinet FortiClient TunnelVision - CVE-2024-3661 (FG-IR-24-170) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-170 advisory. - DHCP can add routes to a client's routing table via the classless static route option 121. VPN-based security solutions...
Fortinet FortiClient TunnelVision - CVE-2024-3661 (FG-IR-24-170)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-170 advisory. - DHCP can add routes to a client's routing table via the classless static route option 121. VPN-based security solutions...
The vulnerability in the FortiClient for Mac protection mechanism lies in improper external control of file names or paths, allowing attackers to execute arbitrary code.
The vulnerability in the FortiClient for Mac protection tool is related to improper external control of a file name or file path. Exploiting this vulnerability allows an attacker to execute arbitrary code by writing the malicious file to the /tmp directory...