11 matches found

added 2024/05/06 7:15 p.m., 269 views

CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify ne...

CVSS 7.6, AI score 7.3, EPSS 0.01876

added 2024/11/13 12:15 p.m., 62 views

CVE-2024-47574

An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

CVSS 7.8, AI score 8.1, EPSS 0.00035

added 2024/12/19 11:15 a.m., 60 views

CVE-2020-15934

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0 may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

CVSS 8.8, AI score 8.4, EPSS 0.00028

added 2024/09/10 3:15 p.m., 60 views

CVE-2024-31489

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-...

CVSS 8.1, AI score 7.1, EPSS 0.00064

added 2024/04/09 3:15 p.m., 56 views

CVE-2023-45590

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website.

CVSS 9.6, AI score 9.4, EPSS 0.00732

added 2024/11/12 7:15 p.m., 50 views

CVE-2024-36507

An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

CVSS 7.8, AI score 7.4, EPSS 0.00024

added 2024/09/10 3:15 p.m., 49 views

CVE-2022-45856

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versio...

CVSS 5.9, AI score 7.1, EPSS 0.00071

added 2024/04/10 1:51 p.m., 47 views

CVE-2024-31492

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

CVSS 8.2, AI score 9.2, EPSS 0.0008

added 2024/09/10 3:15 p.m., 46 views

CVE-2024-35282

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain clear...

CVSS 4.6, AI score 6, EPSS 0.00041

added 2024/11/12 7:15 p.m., 44 views

CVE-2024-40592

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition du...

CVSS 7.5, AI score 6.6, EPSS 0.00012

added 2024/11/12 7:15 p.m., 37 views

CVE-2024-36513

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

CVSS 8.8, AI score 7.1, EPSS 0.00021