Fortinet Forticlient For Windows vulnerabilities
7 known vulnerabilities affecting fortinet/fortinet_forticlient_for_windows.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-16150MEDIUMCVSS 5.5vFortiClient for Windows below 6.4.02020-06-04
CVE-2019-16150 [MEDIUM] CVE-2019-16150: Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
cvelistv5
CVE-2020-9291HIGHCVSS 7.8vFortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier2020-06-01
CVE-2020-9291 [HIGH] CWE-668 CVE-2020-9291: An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a loca
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
cvelistv5nvd
CVE-2020-9290HIGHCVSS 7.8v6.2.3 and below2020-03-15
CVE-2020-9290 [HIGH] CWE-427 CVE-2020-9290: An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
cvelistv5nvd
CVE-2019-6692HIGHCVSS 7.8vFortiClient for Windows 6.2.0 and below2019-10-24
CVE-2019-6692 [HIGH] CVE-2019-6692: A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.
cvelistv5
CVE-2018-13368HIGHCVSS 7.8v6.0.4 and earlier2019-05-30
CVE-2018-13368 [HIGH] CVE-2018-13368: A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker t
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
cvelistv5nvd
CVE-2018-9191HIGHCVSS 7.8v6.0.4 and earlier2019-05-30
CVE-2018-9191 [HIGH] CVE-2018-9191: A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
cvelistv5nvd
CVE-2019-5589HIGHCVSS 7.8vFortiClient for Windows version below 6.0.62019-05-28
CVE-2019-5589 [HIGH] CWE-426 CVE-2019-5589: An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) m
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
cvelistv5nvd