All the vulnerabilites related to Fortinet - FortiClientLinux
cve-2024-31489
Vulnerability from cvelistv5
Published
2024-09-10 14:37
Modified
2024-09-10 17:52
Severity ?
EPSS score ?
Summary
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
References
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiClientMac |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.11 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forticlientmac",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forticlientlinux",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forticlientwindows",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:47:00.423144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T17:52:01.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:37:48.066Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-31489",
"datePublished": "2024-09-10T14:37:48.066Z",
"dateReserved": "2024-04-04T12:52:41.585Z",
"dateUpdated": "2024-09-10T17:52:01.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45590
Vulnerability from cvelistv5
Published
2024-04-09 14:24
Modified
2024-08-12 17:46
Severity ?
EPSS score ?
Summary
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | FortiClientLinux |
Version: 7.2.0 Version: 7.0.6 ≤ 7.0.10 Version: 7.0.3 ≤ 7.0.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-087",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-087"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient",
"vendor": "fortinet",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "7.0.4",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T04:01:08.566633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T17:46:37.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper control of generation of code (\u0027code injection\u0027) in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T14:24:19.922Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-087",
"url": "https://fortiguard.com/psirt/FG-IR-23-087"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.11 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-45590",
"datePublished": "2024-04-09T14:24:19.922Z",
"dateReserved": "2023-10-09T08:01:29.297Z",
"dateUpdated": "2024-08-12T17:46:37.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50570
Vulnerability from cvelistv5
Published
2024-12-18 12:44
Modified
2024-12-18 14:44
Severity ?
EPSS score ?
Summary
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiClientMac |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.14 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T14:30:59.618705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T14:44:04.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T12:44:38.644Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-50570",
"datePublished": "2024-12-18T12:44:38.644Z",
"dateReserved": "2024-10-24T11:52:14.402Z",
"dateUpdated": "2024-12-18T14:44:04.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37939
Vulnerability from cvelistv5
Published
2023-10-10 16:50
Modified
2024-09-18 20:26
Severity ?
EPSS score ?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiClientMac |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.9 Version: 6.4.0 ≤ 6.4.10 Version: 6.2.0 ≤ 6.2.9 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-235",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-235"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T20:26:36.640081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T20:26:45.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.9",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.9",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.9",
"status": "affected",
"version": "6.2.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T16:50:04.463Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-235",
"url": "https://fortiguard.com/psirt/FG-IR-22-235"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientMac version 7.2.2 or above Please upgrade to FortiClientWindows version 7.2.1 or above Please upgrade to FortiClientLinux version 7.2.1 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-37939",
"datePublished": "2023-10-10T16:50:04.463Z",
"dateReserved": "2023-07-11T08:16:54.093Z",
"dateUpdated": "2024-09-18T20:26:45.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15934
Vulnerability from cvelistv5
Published
2024-12-19 10:57
Modified
2024-12-20 17:23
Severity ?
EPSS score ?
Summary
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fortinet | FortiClientLinux |
Version: 6.4.0 Version: 6.2.6 ≤ 6.2.7 Version: 6.2.0 ≤ 6.2.4 Version: 6.0.8 Version: 6.0.0 ≤ 6.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-15934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:22:49.806588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:23:40.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.4.0"
},
{
"lessThanOrEqual": "6.2.7",
"status": "affected",
"version": "6.2.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T10:57:39.255Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://www.fortiguard.com/psirt/FG-IR-20-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-110"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-15934",
"datePublished": "2024-12-19T10:57:39.255Z",
"dateReserved": "2020-07-24T00:00:00.000Z",
"dateUpdated": "2024-12-20T17:23:40.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45856
Vulnerability from cvelistv5
Published
2024-09-10 14:37
Modified
2024-09-10 19:01
Severity ?
EPSS score ?
Summary
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiClientiOS |
Version: 7.0.3 ≤ 7.0.6 Version: 7.0.0 ≤ 7.0.1 Version: 6.0.0 ≤ 6.0.1 Version: 5.6.5 ≤ 5.6.6 Version: 5.6.0 ≤ 5.6.1 Version: 5.4.3 ≤ 5.4.4 Version: 5.4.0 ≤ 5.4.1 Version: 5.2.0 ≤ 5.2.3 Version: 5.0.0 ≤ 5.0.3 Version: 4.0.0 ≤ 4.0.2 Version: 2.0.0 ≤ 2.0.1 cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:01:07.692905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:01:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.6",
"status": "affected",
"version": "5.6.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "5.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "5.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.3",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientAndroid",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.4.6"
},
{
"status": "affected",
"version": "6.4.4"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.6.0"
},
{
"lessThanOrEqual": "5.4.2",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:37:48.663Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45856",
"datePublished": "2024-09-10T14:37:48.663Z",
"dateReserved": "2022-11-23T14:57:05.612Z",
"dateUpdated": "2024-09-10T19:01:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}