Forticlient Security Vulnerabilities and Issues — Page 2 of Forticlient CVE List

Lucene search

FortinetForticlient

74 matches found

CVE•added 2015/09/03 2:59 p.m.•44 views

CVE-2015-5736

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

7.2CVSS7.1AI score0.0248EPSS

CVE•added 2019/05/30 5:29 p.m.•44 views

CVE-2018-13368

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.

7.8CVSS8.1AI score0.00108EPSS

CVE•added 2020/02/06 4:15 p.m.•44 views

CVE-2019-16152

A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly vali...

6.8CVSS6.6AI score0.00352EPSS

CVE•added 2021/11/02 7:15 p.m.•44 views

CVE-2021-36183

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.

7.8CVSS7.6AI score0.00136EPSS

CVE•added 2019/05/30 5:29 p.m.•43 views

CVE-2018-9191

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.

7.8CVSS7.9AI score0.00051EPSS

CVE•added 2018/04/26 8:29 p.m.•42 views

CVE-2017-17543

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encrypt...

7.5CVSS7.8AI score0.00071EPSS

CVE•added 2020/02/07 3:15 p.m.•42 views

CVE-2019-16155

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, ...

7.1CVSS7.3AI score0.00044EPSS

CVE•added 2015/09/03 2:59 p.m.•41 views

CVE-2015-5737

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged h...

7.2CVSS6.8AI score0.00061EPSS

CVE•added 2025/03/14 4:15 p.m.•41 views

CVE-2023-45588

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

8.2CVSS8.4AI score0.00033EPSS

CVE•added 2009/04/07 11:30 p.m.•39 views

CVE-2009-1262

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

7.2CVSS7.5AI score0.00076EPSS

CVE•added 2020/02/06 4:15 p.m.•39 views

CVE-2019-15711

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.

7.8CVSS7.8AI score0.00044EPSS

CVE•added 2019/02/08 7:29 p.m.•38 views

CVE-2018-9190

A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.

5.5CVSS5.3AI score0.00145EPSS

CVE•added 2024/11/12 7:15 p.m.•38 views

CVE-2024-36513

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

8.8CVSS7.1AI score0.00023EPSS

CVE•added 2015/02/10 8:59 p.m.•37 views

CVE-2015-1570

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

4.3CVSS6.1AI score0.00134EPSS

CVE•added 2021/12/09 10:15 a.m.•37 views

CVE-2021-36167

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.

5.3CVSS5.3AI score0.003EPSS

CVE•added 2021/11/02 7:15 p.m.•37 views

CVE-2021-42754

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.

5CVSS5.1AI score0.00406EPSS

CVE•added 2021/12/09 9:15 a.m.•37 views

CVE-2021-43204

A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.

4.9CVSS4.7AI score0.00043EPSS

CVE•added 2023/04/11 5:15 p.m.•36 views

CVE-2022-42470

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.

7.8CVSS7.7AI score0.00098EPSS

CVE•added 2017/06/26 5:29 p.m.•35 views

CVE-2016-8493

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.

9CVSS8.8AI score0.0059EPSS

CVE•added 2016/01/08 7:59 p.m.•34 views

CVE-2015-7362

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.

7.8CVSS7.6AI score0.00039EPSS

CVE•added 2015/02/02 4:59 p.m.•33 views

CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

5CVSS6.5AI score0.00156EPSS

CVE•added 2020/02/06 4:15 p.m.•32 views

CVE-2019-17652

A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv dat...

6.8CVSS6.8AI score0.00425EPSS

CVE•added 2025/06/10 5:19 p.m.•32 views

CVE-2024-54019

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

6.5CVSS5.1AI score0.00026EPSS

CVE•added 2015/02/10 8:59 p.m.•31 views

CVE-2015-1569

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.

4.3CVSS6.2AI score0.00134EPSS

Total number of security vulnerabilities74