Forticlient Security Vulnerabilities and Issues — Forticlient CVE List

Lucene search

FortinetForticlient

8 matches found

CVE•added 2022/04/06 10:15 a.m.•101 views

CVE-2021-44169

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.

8.8CVSS8.7AI score0.00131EPSS

CVE•added 2022/07/18 6:15 p.m.•83 views

CVE-2021-41031

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

7.8CVSS7.5AI score0.00129EPSS

CVE•added 2022/04/06 4:15 p.m.•79 views

CVE-2021-22127

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious n...

8CVSS8.1AI score0.00311EPSS

CVE•added 2022/07/19 2:15 p.m.•78 views

CVE-2022-26113

An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.

7.7CVSS6.8AI score0.00104EPSS

CVE•added 2022/04/06 10:15 a.m.•72 views

CVE-2021-43205

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

5.3CVSS5.1AI score0.00255EPSS

CVE•added 2022/05/11 3:15 p.m.•67 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

7.5CVSS7.4AI score0.0024EPSS

CVE•added 2022/05/11 4:15 p.m.•62 views

CVE-2021-43066

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.

8.4CVSS7.8AI score0.00058EPSS

CVE•added 2022/11/02 12:15 p.m.•55 views

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.

5.5CVSS5.2AI score0.00052EPSS