Fortinet Forticlientlinux vulnerabilities

7 known vulnerabilities affecting fortinet/forticlientlinux.

Total CVEs

7

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH4MEDIUM2LOW1

Vulnerabilities

Page 1 of 1

CVE-2026-24018HIGHCVSS 7.8≥ 7.4.0, ≤ 7.4.4≥ 7.2.2, ≤ 7.2.122026-03-10

CVE-2026-24018 [HIGH] CWE-61 CVE-2026-24018: A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7. A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

CVE-2020-15934HIGHCVSS 7.8v6.4.0≥ 6.2.6, ≤ 6.2.7+3 more2024-12-19

CVE-2020-15934 [HIGH] CWE-269 CVE-2020-15934: An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux ve An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

CVE-2024-50570MEDIUMCVSS 5.0≥ 7.4.0, ≤ 7.4.2≥ 7.2.0, ≤ 7.2.7+1 more2024-12-18

CVE-2024-50570 [MEDIUM] CWE-312 CVE-2024-50570: A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 thr A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage colle

CVE-2024-31489HIGHCVSS 8.1v7.2.0≥ 7.0.0, ≤ 7.0.112024-09-10

CVE-2024-31489 [MEDIUM] CWE-295 CVE-2024-31489: AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2. AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel betwe

CVE-2022-45856MEDIUMCVSS 5.9≥ 7.2.0, ≤ 7.2.4≥ 7.0.0, ≤ 7.0.13+2 more2024-09-10

CVE-2022-45856 [MEDIUM] CWE-295 CVE-2022-45856: An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7 An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 a

CVE-2023-45590HIGHCVSS 8.8v7.2.0≥ 7.0.6, ≤ 7.0.10+1 more2024-04-09

CVE-2023-45590 [CRITICAL] CWE-94 CVE-2023-45590: An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7. An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

CVE-2023-37939LOWCVSS 3.3v7.2.0≥ 7.0.6, ≤ 7.0.9+5 more2023-10-10

CVE-2023-37939 [LOW] CWE-200 CVE-2023-37939: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated