Fortinet

FortiClient

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-54019

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 10.06.2025 16:36:06
  • Zuletzt bearbeitet 25.07.2025 15:26:02

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of re...

3.7

CVE-2025-24473

  • EPSS 0.07%
  • Veröffentlicht 28.05.2025 07:55:57
  • Zuletzt bearbeitet 04.06.2025 15:38:01

A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if ...

7.8

CVE-2025-25251

  • EPSS 0.02%
  • Veröffentlicht 28.05.2025 07:53:42
  • Zuletzt bearbeitet 04.06.2025 15:37:46

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.

7.8

CVE-2023-45588

  • EPSS 0.03%
  • Veröffentlicht 14.03.2025 15:46:35
  • Zuletzt bearbeitet 15.07.2025 17:03:46

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file...

8.4

CVE-2024-52968

  • EPSS 0.05%
  • Veröffentlicht 11.02.2025 17:15:23
  • Zuletzt bearbeitet 16.07.2025 15:15:25

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.

6.7

CVE-2024-40586

  • EPSS 0.02%
  • Veröffentlicht 11.02.2025 17:15:22
  • Zuletzt bearbeitet 16.07.2025 15:11:18

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

3.3

CVE-2024-50564

  • EPSS 0.03%
  • Veröffentlicht 14.01.2025 14:15:33
  • Zuletzt bearbeitet 11.06.2025 14:55:09

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.

7.8

CVE-2020-15934

  • EPSS 0.03%
  • Veröffentlicht 19.12.2024 11:15:06
  • Zuletzt bearbeitet 21.01.2025 20:38:47

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the targ...

5

CVE-2024-50570

  • EPSS 0.01%
  • Veröffentlicht 18.12.2024 13:15:06
  • Zuletzt bearbeitet 24.07.2025 19:02:14

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a...

7.8

CVE-2024-47574

  • EPSS 0.04%
  • Veröffentlicht 13.11.2024 12:15:16
  • Zuletzt bearbeitet 21.01.2025 22:21:03

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code wit...