Fortinet

FortiClient

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2017-7344

Exploit
  • EPSS 1.27%
  • Veröffentlicht 14.12.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an un...

9

CVE-2016-8493

  • EPSS 0.59%
  • Veröffentlicht 26.06.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.

7.8

CVE-2015-7362

  • EPSS 0.04%
  • Veröffentlicht 08.01.2016 19:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.

7.2

CVE-2015-5737

  • EPSS 0.06%
  • Veröffentlicht 03.09.2015 14:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, ...

7.2

CVE-2015-5736

  • EPSS 1.78%
  • Veröffentlicht 03.09.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

7.2

CVE-2015-5735

  • EPSS 0.06%
  • Veröffentlicht 03.09.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.

2.1

CVE-2015-4077

  • EPSS 0.56%
  • Veröffentlicht 03.09.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.

4.3

CVE-2015-1570

Exploit
  • EPSS 0.13%
  • Veröffentlicht 10.02.2015 20:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

4.3

CVE-2015-1569

Exploit
  • EPSS 0.13%
  • Veröffentlicht 10.02.2015 20:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.

5

CVE-2015-1453

Exploit
  • EPSS 0.16%
  • Veröffentlicht 02.02.2015 16:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Sha...