Vulnerabilities > Fortinet > Forticlient
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-06 | CVE-2019-16152 | Improper Input Validation vulnerability in Fortinet Forticlient A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | 6.5 |
| 2020-02-06 | CVE-2019-15711 | Unspecified vulnerability in Fortinet Forticlient A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | 7.8 |
| 2019-11-21 | CVE-2019-17650 | OS Command Injection vulnerability in Fortinet Forticlient An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | 7.8 |
| 2019-11-21 | CVE-2019-15704 | Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | 5.5 |
| 2019-11-21 | CVE-2018-9195 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. | 5.9 |
| 2019-10-24 | CVE-2019-6692 | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | 7.8 |
| 2019-05-30 | CVE-2018-9193 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | 7.8 |
| 2019-05-30 | CVE-2018-9191 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | 7.8 |
| 2019-05-30 | CVE-2018-13368 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | 7.8 |
| 2019-05-28 | CVE-2019-5589 | Untrusted Search Path vulnerability in Fortinet Forticlient An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. | 7.8 |