Vulnerabilities > Fortinet > Forticlient > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-19 | CVE-2020-15934 | Improper Privilege Management vulnerability in Fortinet Forticlient An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. | 7.8 |
| 2024-11-13 | CVE-2024-47574 | Missing Authentication for Critical Function vulnerability in Fortinet Forticlient A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | 7.8 |
| 2024-11-12 | CVE-2024-36507 | Untrusted Search Path vulnerability in Fortinet Forticlient A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. | 7.8 |
| 2024-11-12 | CVE-2024-36513 | Privilege Context Switching Error vulnerability in Fortinet Forticlient A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. | 8.8 |
| 2024-09-10 | CVE-2024-31489 | Improper Certificate Validation vulnerability in Fortinet Forticlient AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation | 8.1 |
| 2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |
| 2024-04-10 | CVE-2024-31492 | Unspecified vulnerability in Fortinet Forticlient An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 7.8 |
| 2024-04-09 | CVE-2023-45590 | Unspecified vulnerability in Fortinet Forticlient An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website | 8.8 |
| 2023-11-14 | CVE-2022-40681 | Unspecified vulnerability in Fortinet Forticlient A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | 7.1 |
| 2023-11-14 | CVE-2023-41840 | Unspecified vulnerability in Fortinet Forticlient 7.0.9/7.2.0/7.2.1 A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. | 7.8 |