Information disclosure

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

CVE-2017-14184

The CVE-2017-14184 vulnerability affects Fortinet FortiClient components: Windows FortiClient 5.6.0 and below, Mac FortiClient 5.6.0 and below, and FortiClient SSLVPN Client for Linux 4.4.2334 and below. The root cause is insecure storage locations used to house VPN credentials, allowing regular ...

CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

Privilege escalation

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain...

CVE-2017-7344

CVE-2017-7344 describes a privilege escalation in Fortinet FortiClient Windows versions 5.4.3 and earlier and 5.6.0. An attacker can exploit the Windows “security alert” dialog when VPN before logon is enabled and an untrusted certificate chain to gain SYSTEM-level privileges. Exploitation can be...

Fortinet FortiClient VPN Credential Disclosure Vulnerability

FortiClient stores the VPN authentication credentials in a configuration file on Linux or Mac OSX or in registry on Windows. The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforemention...

Fortinet FortiClient VPN Credential Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: VPN credentials disclosure product: Fortinet FortiClient vulnerable version: 4.4.2335 on Linux, 5.6.1 on Windows, 5.6.1 on Mac OSX fixed version: 4.4.2335 on Linux, 5.6.1...

Gain Windows privileges with FortiClient vpn before logon and untrusted certificate

When the "VPN before logon" feature of FortiClient Windows is enabled disabled by default, and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via exploiting the Windows "securi...

Fortinet FortiClient Elevation of Privilege Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An elevation of privilege vulnerability exists in Fortin...

FortiClient privilege escalation vulnerability

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability...

Privilege escalation

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability...

CVE-2016-8493

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability...

Fortinet FortiClient SSL_VPN for Linux Remote Code Execution Vulnerability

Fortinet FortiClient SSLVPN for Linux is a Linux-based VPN client for connecting to Fortinet devices. A remote code execution vulnerability exists in Fortinet FortiClient SSLVPN for Linux. An attacker can exploit this vulnerability to overwrite arbitrary files with FortiClient log files...