CVE-2021-36183
An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates...
CVE-2021-36183
CVE-2021-36183 affects FortiClient for Windows (versions 7.0.1 and below, and 6.4.2 and below). The issue is an improper authorization (CWE-285) that may allow a local unprivileged attacker to escalate privileges to SYSTEM through the FortiClient update named pipe. The connected sources provide t...
Fortinet FortiClient Code Injection Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in FortiClientMacOS...
Fortinet FortiClientWindows Security Vulnerability
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability in Fortine...
FortiClient (Windows) - Privilege escalation vulnerability
An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates...
FortiClient (MacOS) - Dylib injection Vulnerability observed in FortiClientMacOS
An improper control of generation of code vulnerability CWE-94 in FortiClient for MacOS may allow an authenticated attacker to hijack the MacOS camera via replacing the FortiClient camera handling library with a malicious one...
Fortinet FortiClient Enterprise Management Server (EMS) is vulnerable due to errors in device management. This vulnerability allows attackers to escalate their privileges.
The vulnerability in Fortinet FortiClient Enterprise Management Server (EMS) is related to errors in device management. Exploiting this vulnerability can allow a malicious actor to escalate privileges remotely...
Fortinet FortiClient OS Command Injection Vulnerability
Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. Fortinet FortiClient suffers from an operating system command injection vulnerability that can be exploited by an unauthenticated,...
FortiClient Linux - Command injection vulnerability
An OS command injection CWE-78 vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent attacker to execute privileged and arbitrary commands on the Linux appliance on which FortiClient is running by tricking the user into connecting to a network with a malicious na...
The vulnerability in the FortiClient for MacOS protection mechanism stems from improper link resolution before file access, allowing attackers to execute arbitrary code.
The vulnerability in the FortiClient for MacOS protection mechanism is related to improper link resolution before file access. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2021-26089
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during installation phase...
Input validation
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during installation phase...
CVE-2021-26089
CVE-2021-26089 affects Fortinet FortiClient for macOS (6.4.3 and earlier). The issue is an improper symlink following that lets a local, unprivileged user escalate to privileged shell access during installation. Public advisories describe local privilege escalation via a symlink in the installer ...
Vulnerability fixed in Fortinet FortiClient for macOS
A vulnerability has been fixed in Fortinet FortiClient for macOS. This vulnerability can be exploited to gain root privileges on the vulnerable system. For more information, see also the page below from the discoverers of this vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...
Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Fortinet FortiClient Link Following Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
The vulnerability in the Fortinet FortiClient for Windows security tool lies in the use of hard-coded credentials, which allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Fortinet FortiClient for Windows security tool is related to the use of hard-coded credentials. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...