CVE-2024-54019
- EPSS 0.03%
- Published 10.06.2025 16:36:06
- Last modified 25.07.2025 15:26:02
An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of re...
CVE-2025-24473
- EPSS 0.07%
- Published 28.05.2025 07:55:57
- Last modified 04.06.2025 15:38:01
An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if ...
CVE-2025-25251
- EPSS 0.02%
- Published 28.05.2025 07:53:42
- Last modified 04.06.2025 15:37:46
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
CVE-2023-45588
- EPSS 0.03%
- Published 14.03.2025 15:46:35
- Last modified 15.07.2025 17:03:46
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file...
CVE-2024-52968
- EPSS 0.05%
- Published 11.02.2025 17:15:23
- Last modified 16.07.2025 15:15:25
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to macOS via an empty password.
CVE-2024-40586
- EPSS 0.02%
- Published 11.02.2025 17:15:22
- Last modified 16.07.2025 15:11:18
An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate their privileges via the FortiSSLVPNd service pipe.
CVE-2024-50564
- EPSS 0.03%
- Published 14.01.2025 14:15:33
- Last modified 11.06.2025 14:55:09
A use of a hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named pipes.
CVE-2020-15934
- EPSS 0.03%
- Published 19.12.2024 11:15:06
- Last modified 21.01.2025 20:38:47
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0 may allow local users to elevate their privileges to root by creating a malicious script or program on the targ...
- EPSS 0.01%
- Published 18.12.2024 13:15:06
- Last modified 24.07.2025 19:02:14
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a...
CVE-2024-47574
- EPSS 0.04%
- Published 13.11.2024 12:15:16
- Last modified 21.01.2025 22:21:03
An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privilege attacker to execute arbitrary code wit...