📦 FortiClient
by Fortinet
⚠️ Known Vulnerabilities
This vulnerability allows remote code execution on FortiClientLinux installations through code injection. Attackers can execute arbitrary code by tricking users into visiting malicious websites. Affec...
A local privilege escalation vulnerability in Fortinet FortiClient for Windows allows low-privileged attackers to write arbitrary files with elevated permissions via crafted named pipe messages. This ...
This vulnerability allows authenticated local users on Windows systems to execute arbitrary code through FortiClient's fortips driver when an IPSec VPN connection is active. It affects FortiClientWind...
A heap-based buffer overflow vulnerability in Fortinet FortiClient for Windows allows authenticated local IPSec users to execute arbitrary code or commands via the fortips_74.sys driver. This affects ...
A local privilege escalation vulnerability in FortiClient for macOS allows authenticated local users to gain elevated privileges by exploiting improper cryptographic signature verification in FortiCli...
A local privilege escalation vulnerability in FortiClient for macOS allows attackers with local access to gain elevated privileges by sending specially crafted XPC messages. This affects FortiClient M...
This vulnerability allows a local attacker to execute arbitrary code or commands on macOS systems running vulnerable FortiClient versions. Attackers can exploit this by placing a malicious configurati...
A local privilege escalation vulnerability in FortiClient for Linux allows local users to execute arbitrary code with root privileges by exploiting the VCM engine. This affects FortiClient for Linux v...
This CVE describes a DLL hijacking vulnerability in Fortinet FortiClient for Windows where an attacker can place a malicious DLL in a location that FortiClient searches before legitimate system direct...
This vulnerability in FortiClient for Windows allows authenticated users to escalate privileges through Lua auto patch scripts. It affects FortiClient Windows versions 7.2.4 and below, 7.0.12 and belo...
This vulnerability in Fortinet FortiClient for Windows allows attackers to cause denial of service by sending specially crafted requests to a specific named pipe. The flaw stems from incorrect authori...
This CVE describes a DLL hijacking vulnerability in Fortinet FortiClient for Windows where an attacker can place a malicious OpenSSL engine library in a search path location. This allows execution of ...
This vulnerability allows a local authenticated attacker to modify files in the FortiClient or FortiConverter installation folder when installed in an insecure location. It affects Windows installatio...
This vulnerability in FortiClient for macOS allows local attackers to escalate privileges by modifying the installer during an upgrade process. It affects all versions of FortiClientMac from 4.0 throu...
This CVE describes a relative path traversal vulnerability in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code or commands by sending crafted requests to a specific nam...
This CVE describes two vulnerabilities in Fortinet FortiClient for Windows: an incorrect permission assignment (CWE-732) and a TOCTOU race condition (CWE-367). Attackers on the same file sharing netwo...
This vulnerability in FortiClient for Windows allows a local attacker to write arbitrary files to the system due to unnecessary privileges. It affects FortiClient versions 7.0.0-7.0.3, 6.4.0-6.4.7, 6....
A local privilege escalation vulnerability in FortiClient for Windows allows unprivileged local attackers to gain SYSTEM-level privileges by exploiting a relative path traversal flaw in the FortiESNAC...
This vulnerability in Fortinet FortiClient for Windows allows attackers to escalate privileges via the MSI installer by controlling file names or paths. It affects users running vulnerable versions of...
This vulnerability allows an unauthenticated attacker to execute arbitrary code as root on Linux systems running vulnerable FortiClient versions by tricking a user into connecting to a maliciously nam...
This vulnerability allows attackers to gain administrative privileges on Windows systems running vulnerable FortiClient versions by placing a malicious executable in the FortiClient installer director...
This vulnerability allows an unauthenticated attacker on the same network to perform a man-in-the-middle attack between FortiClientEMS and FortiClient endpoints via the telemetry protocol, potentially...
This vulnerability allows a local unprivileged attacker on Windows systems running vulnerable FortiClient versions to escalate privileges to SYSTEM level by exploiting improper authorization in the na...
An active debug code vulnerability in Fortinet FortiClient for Windows allows local attackers to step through the application execution and retrieve saved VPN user passwords. This affects FortiClientW...
This vulnerability allows a local low-privileged user on Windows systems to perform DLL hijacking attacks by placing malicious DLLs in the FortiClient Online Installer installation folder. It affects ...
This CVE describes a code injection vulnerability in FortiClientMac that allows unauthenticated attackers to execute arbitrary code by tricking users into visiting malicious websites. It affects Forti...
This vulnerability in Fortinet FortiClient for Windows allows attackers to redirect VPN connections through DNS spoofing or other redirection methods due to improper certificate hostname validation. A...
This vulnerability allows attackers to bypass authentication on macOS systems running vulnerable FortiClient versions by using an empty password. It affects all macOS users running FortiClientMac 7.0....
This CVE describes an improper access control vulnerability in FortiClient for Windows that allows local users to escalate privileges via the FortiSSLVPNd service pipe. It affects FortiClient Windows ...
This vulnerability allows local authenticated users on Windows or Linux systems running affected FortiClient versions to retrieve VPN passwords via memory dump due to JavaScript garbage collection iss...
This vulnerability allows remote unauthenticated attackers to perform man-in-the-middle attacks during ZTNA tunnel creation between FortiGate and FortiClient. Attackers can intercept and potentially m...
This vulnerability allows authenticated attackers to inject code via Electron environment variables in Fortinet desktop applications. It affects FortiClientMac versions 7.4.2 and below, 7.2.8 and belo...