Lucene search
K

855 matches found

Cvelist
Cvelist
added 2023/04/11 4:6 p.m.30 views

CVE-2022-42470

A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...

7.8CVSS8AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2023/04/11 4:6 p.m.48 views

CVE-2022-42470

CVE-2022-42470 describes a local path-traversal vulnerability in Fortinet FortiClient for Windows. Exploitation path: a crafted request to a specific named pipe can allow an attacker with low privileges and no user interaction to execute arbitrary code or commands on the affected host. Affected s...

7.8CVSS7.7AI score0.00346EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/11 4:6 p.m.15 views

CVE-2022-42470

A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...

7.8CVSS7.4AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/11 4:5 p.m.27 views

CVE-2022-40682

A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...

7.8CVSS7.9AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/11 4:5 p.m.13 views

CVE-2022-40682

A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...

7.8CVSS7.4AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2023/04/11 4:5 p.m.92 views

CVE-2022-40682

CVE-2022-40682 corresponds to Fortinet FortiClient for Windows with an incorrect authorization vulnerability that affects multiple versions (6.0.0–6.0.10, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.7). The issue can allow a local attacker to execute unauthorized code via a crafted request to a specific ...

7.8CVSS7.7AI score0.00165EPSS
Exploits0References1Affected Software1
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.78 views

FortiClient (Windows) - Improper write access over FortiClient pipe object

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...

5.1CVSS8.2AI score0.00701EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.5 views

PT-2023-9671 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient versions 6.0.0 through 6.0.10 Fortinet FortiClient versions 6.2.0 through 6.2.9 Fortinet FortiClient versions 6.4.0 through 6.4.9 Fortinet FortiClient versions 7.0.0 through 7.0.7 Description: The issue is related to a...

7.8CVSS7.5AI score0.00346EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.4 views

PT-2023-9673 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions prior to 7.0.7 Description: The issue is related to an incorrect permission assignment for a critical resource and a time-of-check time-of-use TOCTOU race condition vulnerability. This could allow a remote...

8.1CVSS8.2AI score0.00701EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.3 views

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. A security vulnerability exists in FortiClient Mac that stems from allowing a local attacker to modify the installer to elevate...

7.8CVSS7.3AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.4 views

PT-2023-5164 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient versions 6.0.0 through 6.0.10 Fortinet FortiClient versions 6.2.0 through 6.2.9 Fortinet FortiClient versions 6.4.0 through 6.4.9 Fortinet FortiClient versions 7.0.0 through 7.0.7 Description: The issue is related to...

7.8CVSS7.5AI score0.00165EPSS
Exploits0References4
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.77 views

FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation

An incorrect authorization CWE-863 vulnerability in FortiClient Windows may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem...

4.3CVSS7.1AI score0.00165EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/13 12:0 a.m.7 views

The vulnerability of the Fortinet FortiClient for Windows installer and the FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.

The vulnerability of the Fortinet FortiClient for Windows installer and the FortiClient Enterprise Management Server EMS is related to an uncontrolled DLL search process. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially crafted DLL library...

7.8CVSS7.6AI score0.00243EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/01/13 12:0 a.m.3 views

The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) server, related to certificate validation errors, allows attackers to carry out “man-in-the-middle” attacks and expose the protected information.

The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks and expose the protected information...

8.2CVSS7.2AI score0.00213EPSS
Exploits0References4Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/12/28 12:0 a.m.6 views

The vulnerability of the nanomsg socket library in the Fortinet FortiClient for Linux security tool allows a hacker to cause a service failure.

The vulnerability of the nanomsg socket library in the Fortinet FortiClient for Linux security solution is related to writing beyond the buffer boundaries during the processing of the argv array. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...

7.8CVSS7AI score0.01448EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/12 12:0 a.m.6 views

The vulnerability of the FortiClient.msi installer of the Fortinet FortiClient for Windows security solution allows a malicious individual to escalate their privileges.

The vulnerability of the FortiClient.msi installer of the Fortinet FortiClient for Windows security solution is related to incorrect external management of file names or file paths. Exploiting this vulnerability can allow attackers to increase their privileges...

8.4CVSS7.2AI score0.00215EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/12 12:0 a.m.6 views

The vulnerability of the Fortinet FortiClient for Windows security tool arises from the insecure management of privileges, allowing attackers to write arbitrary files.

The vulnerability of the Fortinet FortiClient for Windows security tool is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to write arbitrary files...

7.7CVSS7.2AI score0.00307EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/12 12:0 a.m.7 views

The vulnerability of the Fortinet FortiClient for Windows installer allows a hacker to increase their privileges.

The vulnerability of the Fortinet FortiClient for Windows installer is related to initialization errors. Exploiting this vulnerability can allow an attacker to gain increased privileges...

8.2CVSS7.6AI score0.00373EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/02 12:15 p.m.4 views

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2022/11/02 12:15 p.m.15 views

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

5.5CVSS0.00143EPSS
Exploits0References1
Rows per page
Query Builder