211 matches found
FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability
A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...
CVE-2021-32592
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
Path traversal
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
CVE-2021-32592
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
CVE-2021-32592
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
Vulnerability fixed in FortiClientEMS
A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...
FortiClientEMS Cross-Site Scripting Vulnerability
Fortinet FortiClientEms is a centralized central management system from Fortinet. A cross-site scripting vulnerability exists in FortiClientEms. The vulnerability stems from the name parameter of the product's variable function not validating user input data. An attacker can inject malicious code...
CVE-2020-15940
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
Input validation
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
CVE-2020-15940
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
CVE-2020-15940
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
CVE-2020-15940
FortiClientEMS (versions <= 6.4.1 and
Fortinet FortiClientEms 跨站脚本漏洞
Fortinet FortiClientEms is a centralized central management system from Fortinet. A cross-site scripting vulnerability exists in FortiClientEms. The vulnerability stems from the name parameter of the product's variable function not validating user input data. An attacker can inject malicious code...
Fortinet FortiClientEms code issue vulnerability
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiClientEms, which can be exploited by attackers to gain administrator privileges by reusing an unexpired administrator user session ID...
CVE-2021-24019
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
CVE-2020-15941
A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
CVE-2021-24019
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
CVE-2020-15941
A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
Path traversal
A path traversal vulnerability CWE-22 in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages...
CVE-2021-24019
An insufficient session expiration vulnerability CWE- 613 in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...