Vulnerabilities > Fortinet > Forticlient > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-04 | CVE-2019-16150 | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient: Use of a hard-coded cryptographic key to encrypt security-sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | 5.5 |
2020-02-06 | CVE-2019-17652 | Out-of-bounds Write vulnerability in Fortinet Forticlient: A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running with root privilege by sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process, because the argv data is not properly sanitized. | 6.5 |
2020-02-06 | CVE-2019-16152 | Improper Input Validation vulnerability in Fortinet Forticlient: A denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running with root privilege by sending specially crafted IPC client requests to the fctsched process, because the nanomsg is not correctly validated. | 6.5 |
2019-11-21 | CVE-2019-15704 | Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient: A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | 5.5 |
2019-11-21 | CVE-2018-9195 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios: Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0; URL rating in FortiClient) sent to and received from FortiGuard servers by decrypting these messages. | 5.9 |
2019-02-08 | CVE-2018-9190 | NULL Pointer Dereference vulnerability in Fortinet Forticlient: A null pointer dereference vulnerability in Fortinet FortiClient for Windows 6.0.2 and earlier allows an attacker to cause a denial of service via the NDIS miniport driver. | 5.5 |