Fortinet FortiClientWindows vulnerabilities
8 known vulnerabilities affecting fortinet/fortinet_forticlientwindows.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 2
Vulnerabilities
CVE-2022-26113 | HIGH | CVSS 7.1 | CWE-269 | 2022-07-19
Affected: FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.
Sources: cvelistv5, nvd
CVE-2021-41031 | HIGH | CVSS 7.8 | CWE-22 | 2022-07-18
Affected: FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for the FortiESNAC service.
Sources: cvelistv5, nvd
CVE-2021-43066 | HIGH | CVSS 7.8 | CWE-668 | 2022-05-11
Affected: FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer.
Sources: cvelistv5, nvd
CVE-2021-44169 | HIGH | CVSS 8.8 | CWE-665 | 2022-04-06
Affected: FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.
Sources: cvelistv5, nvd
CVE-2021-43204 | MEDIUM | CVSS 4.4 | 2021-12-09
Affected: FortiClientWindows 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3.0, 4.2.7, 4.2.6, 4.2.5, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.2.0, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1
An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions.
Sources: cvelistv5, nvd
CVE-2021-36167 | MEDIUM | CVSS 5.3 | 2021-12-09
Affected: FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter.
Sources: cvelistv5, nvd
CVE-2021-36183 | HIGH | CVSS 7.8 | 2021-11-02
Affected: FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates.
Sources: cvelistv5, nvd
CVE-2019-17658 | CRITICAL | CVSS 9.8 | CWE-428 | 2020-03-12
Affected: 6.2.2 and prior
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Sources: cvelistv5, nvd