Forticlient

forticlient

Vendor: Fortinet • 85 CVEs

CVEs (85)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-44278 1Fortinet 1Forticlient May 16, 2026 May 12, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
CVE-2026-24018 1Fortinet 1Forticlient Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
CVE-2025-62676 1Fortinet 1Forticlient Feb 12, 2026 Feb 10, 2026 N/A· v4 7.1 HIGH· v3 N/A· v2 An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 a...Show more An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.Show less
CVE-2025-54660 1Fortinet 1Forticlient Nov 20, 2025 Nov 18, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step b...Show more An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user passwordShow less
CVE-2025-47761 1Fortinet 1Forticlient Dec 16, 2025 Nov 18, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to...Show more An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.Show less
CVE-2025-46373 1Fortinet 1Forticlient Dec 16, 2025 Nov 18, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitra...Show more A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protectionsShow less
CVE-2025-57741 1Fortinet 1Forticlient Oct 15, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands...Show more An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.Show less
CVE-2025-57716 1Fortinet 1Forticlient Oct 15, 2025 Oct 14, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via p...Show more An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder.Show less
CVE-2025-46774 1Fortinet 1Forticlient Oct 22, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privi...Show more An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.Show less
CVE-2025-31365 1Fortinet 1Forticlient Oct 15, 2025 Oct 14, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim...Show more An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.Show less
CVE-2024-54019 1Fortinet 1Forticlient Jul 25, 2025 Jun 10, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS...Show more A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.Show less
CVE-2025-25251 1Fortinet 1Forticlient Jun 4, 2025 May 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
CVE-2025-24473 1Fortinet 1Forticlient Jan 8, 2026 May 28, 2025 N/A· v4 3.7 LOW· v3 N/A· v2 A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote att...Show more A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)Show less
CVE-2024-35281 1Fortinet 2Forticlient Fortifone Softclient Nov 19, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may...Show more An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.Show less
CVE-2023-45588 1Fortinet 1Forticlient Jul 15, 2025 Mar 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing...Show more An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.Show less
CVE-2024-52968 1Fortinet 1Forticlient Jul 16, 2025 Feb 11, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.
CVE-2024-40586 1Fortinet 1Forticlient Jul 16, 2025 Feb 11, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.
CVE-2024-50564 1Fortinet 1Forticlient Jun 11, 2025 Jan 14, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via...Show more A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.Show less
CVE-2020-15934 1Fortinet 1Forticlient Jan 21, 2025 Dec 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious...Show more An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.Show less
CVE-2024-50570 1Fortinet 1Forticlient Jul 24, 2025 Dec 18, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0...Show more A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collectorShow less

12 3 4 5 Next