Fortinet Forticlient Endpoint Management Server vulnerabilities
6 known vulnerabilities affecting fortinet/forticlient_endpoint_management_server.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2024-21753 (MEDIUM, CVSS 6.0). Affected: ≥ 1.2.1, ≤ 1.2.5; ≥ 6.0.0, ≤ 6.0.8; +4 more. Date: 2024-09-10.
[MEDIUM] CWE-22: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, or read or write a limited number of files, via specially crafted
Source: NVD
CVE-2023-47534 (HIGH, CVSS 8.8). Affected: ≥ 6.0.0, ≤ 6.0.8; ≥ 6.2.0, ≤ 6.2.9; +3 more. Date: 2024-03-12.
[CRITICAL] CWE-1236: An improper neutralization of formula elements in a CSV file in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Source: NVD
CVE-2021-44172 (MEDIUM, CVSS 5.3). Affected: ≥ 6.2.0, ≤ 6.2.9; ≥ 6.4.0, ≤ 6.4.9; +2 more. Date: 2023-09-13.
[MEDIUM] CWE-200: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in the management interface of FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, and all 6.4 and 6.2 versions may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
Source: NVD
CVE-2021-41028 (HIGH, CVSS 7.5). Affected: ≥ 6.2.0, ≤ 6.2.9; ≥ 6.4.0, ≤ 6.4.6; +2 more. Date: 2021-12-16.
[HIGH] CWE-295: A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below and 6.4.6 and below, and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below and 6.4.6 and below, may allow an unauthenticated and network-adjacent attacker to perfor
Source: NVD
CVE-2021-24019 (CRITICAL, CVSS 9.8). Affected: fixed in 6.2.9; ≥ 6.4.0, < 6.4.2. Date: 2021-10-06.
[HIGH] CWE-613: An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain such a session ID (via other, hypothetical attacks).
Source: NVD
CVE-2020-15941 (MEDIUM, CVSS 5.4). Affected: fixed in 6.2.9; ≥ 6.4.0, < 6.4.2. Date: 2021-10-06.
[MEDIUM] CWE-22: A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below, 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add or delete files on the server via the name parameter of Deployment Packages.
Source: NVD