Vulnerabilities > Fortinet > Forticlient

DATE CVE VULNERABILITY TITLE RISK
2021-12-01 CVE-2021-32592 Uncontrolled Search Path Element vulnerability in Fortinet products
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
local
low complexity
fortinet CWE-427
7.8
2021-11-02 CVE-2021-36183 Unspecified vulnerability in Fortinet Forticlient
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
local
low complexity
fortinet
7.8
2021-11-02 CVE-2021-42754 Code Injection vulnerability in Fortinet Forticlient
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
local
low complexity
fortinet CWE-94
5.0
2021-07-12 CVE-2021-26089 Link Following vulnerability in Fortinet Forticlient
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
local
low complexity
fortinet CWE-59
7.8
2020-06-04 CVE-2019-16150 Use of Hard-coded Credentials vulnerability in Fortinet Forticlient
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
local
low complexity
fortinet CWE-798
5.5
2020-06-01 CVE-2020-9291 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Forticlient
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
local
low complexity
fortinet CWE-668
7.8
2020-03-15 CVE-2020-9290 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
2020-03-12 CVE-2019-17658 Unquoted Search Path or Element vulnerability in Fortinet Forticlient
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
network
low complexity
fortinet CWE-428
critical
9.8
2020-02-07 CVE-2019-16155 Unspecified vulnerability in Fortinet Forticlient
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process.
local
low complexity
fortinet
7.1
2020-02-06 CVE-2019-17652 Out-of-bounds Write vulnerability in Fortinet Forticlient
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.
network
low complexity
fortinet CWE-787
6.5