Skip to main content

Forticlient

53 CVEs product

Monthly

CVE-2026-24018 HIGH This Week

following vulnerability in Fortinet FortiClientLinux 7.4.0 versions up to 7.4.4 contains a vulnerability that allows attackers to a local and unprivileged user to escalate their privileges to root (CVSS 7.8).

Fortinet Privilege Escalation Forticlient
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62676 HIGH This Week

Forticlient versions up to 7.4.4 is affected by improper link resolution before file access (CVSS 7.1).

Fortinet Windows Forticlient
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54660 MEDIUM This Month

An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47761 HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46373 HIGH This Month

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow RCE Microsoft Heap Overflow Fortinet +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54019 MEDIUM This Month

A security vulnerability in Fortinet FortiClientWindows (CVSS 4.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25251 HIGH This Month

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24473 LOW Monitor

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Fortinet Forticlient Windows
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-35281 LOW Monitor

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions. Rated low severity (CVSS 2.5). No vendor patch available.

Code Injection Forticlient Fortifone Softclient
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2023-45588 HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-52968 MEDIUM This Month

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Fortinet Forticlient macOS
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-40586 MEDIUM This Month

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Fortinet Forticlient Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-50564 LOW Monitor

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Forticlient Windows
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-50570 MEDIUM This Month

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2,. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Forticlient
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-47574 HIGH This Week

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-40592 MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure Fortinet Forticlient
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-36513 HIGH This Week

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Microsoft Forticlient
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36507 HIGH This Week

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-35282 MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-31489 HIGH This Week

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-3661 HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client Secure Client Globalprotect +5
NVD
CVSS 3.1
7.6
EPSS
4.1%
CVE-2024-31492 HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41840 HIGH This Week

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet OpenSSL Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33304 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37939 LOW Monitor

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Microsoft Forticlient
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-22635 HIGH This Week

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-33878 MEDIUM PATCH This Month

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-41028 HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-36167 MEDIUM PATCH This Month

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Fortinet Authentication Bypass Forticlient
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-43204 MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Fortinet Forticlient
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-32592 HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42754 MEDIUM This Month

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Code Injection Forticlient
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2021-36183 HIGH This Week

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26089 HIGH This Week

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9291 HIGH This Week

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9290 HIGH This Week

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet RCE Microsoft Forticlient Forticlient Virtual Private Network
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-17650 HIGH This Week

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15704 MEDIUM This Month

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-6692 HIGH This Week

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5589 HIGH This Week

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE Forticlient
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2019-5585 MEDIUM This Month

An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Forticlient
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14184 HIGH This Week

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Fortinet Information Disclosure Forticlient Forticlient Sslvpn Client
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-7344 HIGH POC This Week

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Fortinet Forticlient
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2016-8493 HIGH This Week

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-7362 HIGH This Week

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-5737 HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Microsoft Forticlient
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-5736 HIGH POC This Week

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fortinet Forticlient
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
2.5%
CVE-2015-5735 HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-4077 LOW POC Monitor

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Forticlient
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2015-1570 MEDIUM POC This Month

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Fortinet Forticlient
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-1569 MEDIUM POC This Month

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Information Disclosure Fortinet Forticlient
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-1453 MEDIUM POC This Month

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Fortinet Forticlient
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4669 MEDIUM This Month

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Google Microsoft Authentication Bypass Forticlient +2
NVD
CVSS 2.0
5.4
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

following vulnerability in Fortinet FortiClientLinux 7.4.0 versions up to 7.4.4 contains a vulnerability that allows attackers to a local and unprivileged user to escalate their privileges to root (CVSS 7.8).

Fortinet Privilege Escalation Forticlient
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Forticlient versions up to 7.4.4 is affected by improper link resolution before file access (CVSS 7.1).

Fortinet Windows Forticlient
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow RCE Microsoft +4
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A security vulnerability in Fortinet FortiClientWindows (CVSS 4.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlient +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Forticlient
NVD
EPSS 0% CVSS 3.7
LOW Monitor

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Fortinet +2
NVD
EPSS 0% CVSS 2.5
LOW Monitor

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions. Rated low severity (CVSS 2.5). No vendor patch available.

Code Injection Forticlient Fortifone Softclient
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Fortinet +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Fortinet +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Forticlient +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2,. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Forticlient
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Fortinet +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Fortinet Forticlient
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
EPSS 4% CVSS 7.6
HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet OpenSSL Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Fortinet Information Disclosure Forticlient
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Forticlient Forticlient Endpoint Management Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Fortinet Authentication Bypass +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Fortinet Forticlient
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Code Injection +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Fortinet +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet RCE Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Forticlient
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Fortinet Information Disclosure +2
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Fortinet +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Forticlient
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Microsoft +1
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fortinet +1
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Forticlient
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Information Disclosure Fortinet +1
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Fortinet +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Google Microsoft +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy