VYPR

FortiClient Windows

by Fortinet

CVEs (16)

  • CVE-2021-43066 | High | May 11, 2022
    risk 0.55 | cvss 8.4 | epss 0.00

    An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer.

  • CVE-2024-36513 | High | Nov 12, 2024
    risk 0.53 | cvss 8.2 | epss 0.00

    A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

  • CVE-2021-41028 | High | Dec 16, 2021
    risk 0.53 | cvss 8.2 | epss 0.00

    A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and…

  • CVE-2024-47574 | High | Nov 13, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privilege attacker to execute arbitrary code with high privilege via spoofed…

  • CVE-2021-32592 | High | Dec 1, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search…

  • CVE-2022-26113 | High | Jul 19, 2022
    risk 0.50 | cvss 7.7 | epss 0.00

    An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.

  • CVE-2022-43946 | High | Apr 11, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allow attackers on the same file…

  • CVE-2024-36507 | High | Nov 12, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

  • CVE-2024-40586 | Medium | Feb 11, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

  • CVE-2018-9190 | Medium | Feb 8, 2019
    risk 0.36 | cvss 5.5 | epss 0.00

    A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows an attacker to cause a denial of service via the NDIS miniport driver.

  • CVE-2024-50570 | Medium | Dec 18, 2024
    risk 0.33 | cvss 5.0 | epss 0.00

    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to…

  • CVE-2024-54019 | Medium | Jun 10, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

  • CVE-2023-33304 | Medium | Nov 14, 2023
    risk 0.29 | cvss 4.4 | epss 0.00

    A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

  • CVE-2021-43204 | Medium | Dec 9, 2021
    risk 0.29 | cvss 4.4 | epss 0.00

    An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions.

  • CVE-2025-24473 | Low | May 28, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a…

  • CVE-2024-50564 | Low | Jan 14, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named pipes.