Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
fortinet

forticlientlinux

25 Versions 6 CVEs

Versions

6.2.0

SEMANTIC 2 CVEs

6.4.9

SEMANTIC 2 CVEs

6.2.6

SEMANTIC 2 CVEs

6.0.8

SEMANTIC 1 CVE

7.2.4

SEMANTIC 1 CVE

7.2.0

SEMANTIC 5 CVEs

7.4.2

SEMANTIC 1 CVE

6.0.6

SEMANTIC 1 CVE

7.0.4

SEMANTIC 2 CVEs

6.2.9

SEMANTIC 1 CVE

7.0.10

SEMANTIC 1 CVE

7.0.13

SEMANTIC 2 CVEs

7.4.0

SEMANTIC 1 CVE

6.4.7

SEMANTIC 2 CVEs

7.0.0

SEMANTIC 4 CVEs

7.0.9

SEMANTIC 1 CVE

7.0.11

SEMANTIC 1 CVE

6.4.4

SEMANTIC 2 CVEs

7.0.3

SEMANTIC 1 CVE

6.0.0

SEMANTIC 1 CVE

6.4.0

SEMANTIC 3 CVEs

6.2.7

SEMANTIC 1 CVE

7.0.6

SEMANTIC 2 CVEs

7.2.7

SEMANTIC 1 CVE

6.2.4

SEMANTIC 2 CVEs

Recent CVEs

CVE-2020-15934

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

HIGH Dec 19, 2024

CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector

MEDIUM Dec 18, 2024

CVE-2022-45856

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.

MEDIUM Sep 10, 2024

CVE-2024-31489

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

MEDIUM Sep 10, 2024

CVE-2023-45590

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

CRITICAL Apr 09, 2024

CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

LOW Oct 10, 2023