855 matches found
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability
The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access the VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability (macOS)
The version of Fortinet FortiClient Mac running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access the VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only ...
Fortinet FortiClient Code Execution Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
Multiple VPN applications insecurely store session cookies
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access the VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if the endpoint device has been compromised in such a way that the attacker has access to...
The vulnerability of the FortiClient for Mac protection mechanism, which stems from deficiencies in access control, allows attackers to trigger a service failure.
The vulnerability of the FortiClient for Mac protection tool is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger a service failure using specially crafted files...
Fortinet FortiClient 6.0.1 < 6.0.5 Local DoS (macOS)
The version of Fortinet FortiClient Mac running on the remote host is prior to 6.0.5. It is, therefore, affected by a denial of service (DoS) vulnerability. An improper access control vulnerability in FortiClientMac may allow an attacker to affect the application's performance via modifying the...
Fortinet FortiClient Local Privilege Escalation
The version of Fortinet FortiClient running on the remote host is prior to 6.0.5. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain privileged or administrator access to the system.
Fortinet FortiClient NDIS Miniport Driver Null Pointer Dereference
The version of Fortinet FortiClient running on the remote host is prior to 6.0.3. It is, therefore, affected by a NULL pointer dereference flaw due to a failure to utilize necessary NULL checks before doing indirect function calls. An unauthenticated, local attacker can exploit this, via the NDIS...
CVE-2018-9190
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows an attacker to cause a denial of service via the NDIS miniport driver...
FortiClient NDIS Miniport Driver Null Pointer Dereference
There is a NULL pointer dereference in the NDIS Miniport drivers in FortiClient on Windows, which may be leveraged by an unprivileged user to cause a Denial of Service (BSOD)...
FortiClient local privilege escalation exploit chain
A researcher has disclosed several vulnerabilities in FortiClient for Windows. Combined, these vulnerabilities form an exploit chain that allows a user to gain system privileges on Microsoft Windows...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation Exploit
Exploit for Windows platform in category local exploits.
Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
CVE-2017-17543
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak...
CVE-2017-17543
Fortinet CVE-2017-17543 affects FortiClient for Windows (5.6.0 and earlier), FortiClient for macOS (5.6.0 and earlier), and FortiClient SSLVPN Client for Linux (4.4.2335 and earlier). The root cause is unsafe credential handling due to use of a static encryption key and weak encryption algorithms...
FortiClient insecure VPN credential storage and encryption
In certain conditions, FortiClient users' VPN credentials are stored in improperly secured locations and unsafely encrypted...
Fortinet FortiClient Windows Elevation of Privilege Vulnerability
Fortinet FortiClient Windows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An elevation of privilege vulnerability...