855 matches found
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-33878
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
Default credentials
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
Authorization
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-33878
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
The vulnerability of the FortiClient NAC (fcnacd) operating system allows a perpetrator to execute arbitrary code or cause service interruptions.
The vulnerability of the FortiOS operating system’s FortiClient NAC fcnacd is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by sending a specially crafted request...
CVE-2022-26122
CVE-2022-26122 affects Fortinet products FortiClient, FortiMail and FortiOS AV engines. The vulnerability, CWE-345, arises from insufficient verification of data authenticity and can allow bypass of the AV engine by manipulating MIME attachments encoded in base64. Affected versions are FortiClien...
PT-2022-21879 · Fortinet · Forticlient +1
Name of the Vulnerable Software and Affected Versions: FortiClient for Mac versions 7.0.0 through 7.0.5 Description: The issue allows a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal, potentially exposing...
CVE-2022-33878
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
CVE-2022-33878
CVE-2022-33878 affects FortiClient for Mac, versions 7.0.0–7.0.5. A local authenticated attacker can obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal. This is a local-attack scenario with disclosure of sensitive credentials; the provided do...
Fortinet FortiMail和FortiClient 数据伪造问题漏洞
Fortinet FortiMail and FortiClient are both products of the U.S. Fitta Fortinet. fortiMail is a set of e-mail security gateway products. The product provides e-mail security and data protection features. FortiClient is a structure agent. Used to provide protection, compliance, and secure access i...
FortiClient (MAC) - FortiTray stores the SSLVPN password in cleartext
An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...
Fortinet FortiClient 信息泄露漏洞
Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. An information disclosure vulnerability exists in Fortinet FortiClient Mac. An attacker exploiting this vulnerability could bypass...
PT-2022-5767 · Fortinet · Forticlient +2
Name of the Vulnerable Software and Affected Versions: FortiClient, FortiMail, and FortiOS AV engines versions 6.2.168 and below FortiClient, FortiMail, and FortiOS AV engines versions 6.4.274 and below Description: The issue is related to insufficient verification of data authenticity, which may...
Protect
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) server lies in the lack of security measures for the website structure, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server relates to the lack of security measures taken during the creation of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...