855 matches found

CNNVD
added 2021/12/07 12:0 a.m. | 12 views

Fortinet FortiClient Security Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. It provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient, which can...

4.9 CVSS | 5.2 AI score | 0.00349 EPSS
Exploits 0 | References 2
Fortinet
added 2021/12/07 12:0 a.m. | 21 views

FortiClient (Windows) - Denial of service due to folder access permission change

An improper control of a resource through its lifetime CWE-664 vulnerability in FortiClient Windows may allow a privileged attacker to make the whole application unresponsive via changing its root directory access permission...

4.9 CVSS | 4.5 AI score | 0.00349 EPSS
Exploits 0 | Affected Software 1
Fortinet
added 2021/12/07 12:0 a.m. | 27 views

FortiClient (Windows) - Web filter bypass

An improper authorization vulnerability CWE-285 in FortiClient Windows may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter...

5 CVSS | 5.7 AI score | 0.00572 EPSS
Exploits 0 | Affected Software 1
CNNVD
added 2021/12/07 12:0 a.m. | 3 views

Fortinet FortiClient Trust Management Issue Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, a US-based company. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient has a security...

8.2 CVSS | 5.7 AI score | 0.00213 EPSS
Exploits 0 | References 2
Fortinet
added 2021/12/07 12:0 a.m. | 33 views

FortiClient EMS - SAML SSO replay attack

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

6.4 CVSS | 4.9 AI score | 0.00955 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
added 2021/12/02 12:0 a.m. | 44 views

Fortinet FortiClient Dylib injection (FG-IR-21-079) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-079 advisory. - An improper control of generation of code vulnerability CWE-94 in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and...

5 CVSS | 5.8 AI score | 0.00413 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2021/12/02 12:0 a.m. | 48 views

Fortinet FortiClient Privilege escalation vulnerability (FG-IR-20-079)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-079 advisory. - An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below m...

7.8 CVSS | 7.1 AI score | 0.00347 EPSS
Exploits 0 | References 2
NVD
added 2021/12/01 12:15 p.m. | 11 views

CVE-2021-32592

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

7.8 CVSS | 0.00243 EPSS
Exploits 0 | References 1
Prion
added 2021/12/01 12:15 p.m. | 21 views

Path traversal

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

6.9 CVSS | 7.4 AI score | 0.00243 EPSS
Exploits 0 | References 1 | Affected Software 2
CVE
added 2021/12/01 11:27 a.m. | 71 views

CVE-2021-32592

FortiClientWindows (7.0.0; 6.4.6 and below; 6.2.x; 6.0.x) and FortiClient EMS (7.0.0; 6.4.6 and below; 6.2.x; 6.0.x) are affected by an unsafe search path vulnerability that enables DLL hijacking via a malicious OpenSSL engine library placed in the search path. This can allow a local attacker to ...

7.8 CVSS | 7.4 AI score | 0.00243 EPSS
Exploits 0 | References 1 | Affected Software 2
CNVD
added 2021/11/30 12:0 a.m. | 26 views

Fortinet FortiClient Elevation of Privilege Vulnerability (CNVD-2021-102008)

FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. FortiClient is vulnerable to an elevation of privilege...

7.8 CVSS | 3.4 AI score | 0.00243 EPSS
Exploits 0 | References 1
NCSC
added 2021/11/30 12:0 a.m. | 3 views

Vulnerability concealed in FortiClient

A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...

7.8 CVSS | 6.6 AI score | 0.00243 EPSS
Exploits 0
Fortinet
added 2021/11/29 12:0 a.m. | 22 views

FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking

An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

6.9 CVSS | 7.2 AI score | 0.00243 EPSS
Exploits 0 | Affected Software 2
CNNVD
added 2021/11/29 12:0 a.m. | 5 views

Fortinet FortiClient Code Issue Vulnerability

FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. FortiClient is vulnerable to an elevation of privilege...

7.8 CVSS | 6.2 AI score | 0.00243 EPSS
Exploits 0 | References 4
CNVD
added 2021/11/04 12:0 a.m. | 7 views

Unspecified Vulnerability in Fortinet FortiClient (CNVD-2021-84249)

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in FortiClientMacOS...

5 CVSS | 6.7 AI score | 0.00413 EPSS
Exploits 0 | References 1
OSV
added 2021/11/02 7:15 p.m. | 1 views

CVE-2021-42754

An improper control of generation of code vulnerability CWE-94 in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file...

5 CVSS | 6 AI score
Exploits 0 | References 1
OSV
added 2021/11/02 7:15 p.m. | 4 views

CVE-2021-36183

An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.8 CVSS | 5.8 AI score | 0.00347 EPSS
Exploits 0 | References 1
NVD
added 2021/11/02 7:15 p.m. | 11 views

CVE-2021-36183

An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.8 CVSS | 0.00347 EPSS
Exploits 0 | References 1
Prion
added 2021/11/02 7:15 p.m. | 75 views

Authorization

An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.2 CVSS | 7.6 AI score | 0.00347 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2021/11/02 6:41 p.m. | 10 views

CVE-2021-36183

An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.4 CVSS | 6.8 AI score | 0.00347 EPSS
Exploits 0 | References 1