Lucene search
+L

211 matches found

Fortinet
Fortinet
added 2021/12/07 12:0 a.m.52 views

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...

5.4CVSS4.2AI score0.00213EPSS
Exploits0Affected Software4
OSV
OSV
added 2021/12/01 12:15 p.m.4 views

CVE-2021-32592

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

7.8CVSS7.1AI score0.00243EPSS
Exploits0References1
Prion
Prion
added 2021/12/01 12:15 p.m.23 views

Path traversal

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

6.9CVSS7.4AI score0.00243EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/12/01 11:27 a.m.31 views

CVE-2021-32592

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

7.8CVSS7.7AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/12/01 11:27 a.m.18 views

CVE-2021-32592

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...

7.8CVSS6.7AI score0.00243EPSS
Exploits0References1
NCSC
NCSC
added 2021/11/05 12:0 a.m.6 views

Vulnerability fixed in FortiClientEMS

A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...

5.4CVSS6.9AI score0.00711EPSS
Exploits0
CNVD
CNVD
added 2021/11/04 12:0 a.m.5 views

FortiClientEMS Cross-Site Scripting Vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet. A cross-site scripting vulnerability exists in FortiClientEms. The vulnerability stems from the name parameter of the product's variable function not validating user input data. An attacker can inject malicious code...

5.4CVSS6.2AI score0.00711EPSS
Exploits0References1
NVD
NVD
added 2021/11/02 6:15 p.m.25 views

CVE-2020-15940

An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...

5.4CVSS0.00711EPSS
Exploits0References1
Prion
Prion
added 2021/11/02 6:15 p.m.17 views

Input validation

An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...

3.5CVSS5.3AI score0.00711EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/02 5:49 p.m.27 views

CVE-2020-15940

An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...

4.1CVSS5.3AI score0.00711EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/11/02 5:49 p.m.12 views

CVE-2020-15940

An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...

4.1CVSS6.5AI score0.00711EPSS
Exploits0References1
CVE
CVE
added 2021/11/02 5:49 p.m.57 views

CVE-2020-15940

FortiClientEMS (versions <= 6.4.1 and

5.4CVSS5.2AI score0.00711EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.7 views

Fortinet FortiClientEms 跨站脚本漏洞

Fortinet FortiClientEms is a centralized central management system from Fortinet. A cross-site scripting vulnerability exists in FortiClientEms. The vulnerability stems from the name parameter of the product's variable function not validating user input data. An attacker can inject malicious code...

5.4CVSS5.3AI score0.00711EPSS
Exploits0References3
CNVD
CNVD
added 2021/10/14 12:0 a.m.21 views

Fortinet FortiClientEms code issue vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiClientEms, which can be exploited by attackers to gain administrator privileges by reusing an unexpired administrator user session ID...

9.8CVSS4.6AI score0.03841EPSS
Exploits0References1
NVD
NVD
added 2021/10/06 10:15 a.m.20 views

CVE-2021-24019

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

9.8CVSS0.03841EPSS
Exploits0References1
NVD
NVD
added 2021/10/06 10:15 a.m.21 views

CVE-2020-15941

A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.5CVSS0.01109EPSS
Exploits0References1
OSV
OSV
added 2021/10/06 10:15 a.m.6 views

CVE-2021-24019

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

9.8CVSS5.8AI score0.03841EPSS
Exploits0References1
OSV
OSV
added 2021/10/06 10:15 a.m.4 views

CVE-2020-15941

A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.4CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2021/10/06 10:15 a.m.21 views

Path traversal

A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...

5.5CVSS5.4AI score0.01109EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/06 9:41 a.m.25 views

CVE-2021-24019

An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

8.1CVSS9.6AI score0.03841EPSS
Exploits0References1
Rows per page
Query Builder