Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    14 vulnerabilities found for FortiClientLinux by Fortinet

    CVE-2026-24018 (GCVE-0-2026-24018)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 13:08
    VLAI
    Summary
    A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.2 , ≤ 7.2.12 (semver)
        cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T03:56:55.161799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T13:08:18.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:14.285Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiClientLinux version 8.0.0 or above\nUpgrade to FortiClientLinux version 7.4.5 or above\nUpgrade to FortiClientLinux version 7.2.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24018",
        "datePublished": "2026-03-10T16:44:14.285Z",
        "dateReserved": "2026-01-20T11:13:10.549Z",
        "dateUpdated": "2026-03-11T13:08:18.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-15934 (GCVE-0-2020-15934)

    Vulnerability from nvd – Published: 2024-12-19 10:57 – Updated: 2024-12-20 17:23
    VLAI
    Summary
    An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 6.4.0
    Affected: 6.2.6 , ≤ 6.2.7 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)
    Affected: 6.0.8
    Affected: 6.0.0 , ≤ 6.0.6 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-15934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:22:49.806588Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:23:40.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "lessThanOrEqual": "6.2.7",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.0.8"
                },
                {
                  "lessThanOrEqual": "6.0.6",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T10:57:39.255Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-110",
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-110"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-15934",
        "datePublished": "2024-12-19T10:57:39.255Z",
        "dateReserved": "2020-07-24T00:00:00.000Z",
        "dateUpdated": "2024-12-20T17:23:40.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-50570 (GCVE-0-2024-50570)

    Vulnerability from nvd – Published: 2024-12-18 12:44 – Updated: 2025-08-27 21:29
    VLAI
    Summary
    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Information disclosure
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T14:30:59.618705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:29:14.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.644Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-50570",
        "datePublished": "2024-12-18T12:44:38.644Z",
        "dateReserved": "2024-10-24T11:52:14.402Z",
        "dateUpdated": "2025-08-27T21:29:14.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31489 (GCVE-0-2024-31489)

    Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2024-09-10 17:52
    VLAI
    Summary
    AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    Fortinet FortiClientEMS Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.2.0 , ≤ 7.2.2 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.4 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet forticlientlinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet forticlientwindows Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientlinux",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientwindows",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:47:00.423144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T17:52:01.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11,  FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.066Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31489",
        "datePublished": "2024-09-10T14:37:48.066Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2024-09-10T17:52:01.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45856 (GCVE-0-2022-45856)

    Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
    VLAI
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientiOS Affected: 7.0.3 , ≤ 7.0.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.1 (semver)
    Affected: 6.0.0 , ≤ 6.0.1 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.3 , ≤ 5.4.4 (semver)
    Affected: 5.4.0 , ≤ 5.4.1 (semver)
    Affected: 5.2.0 , ≤ 5.2.3 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 2.0.0 , ≤ 2.0.1 (semver)
        cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiClientAndroid Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.7 (semver)
    Affected: 7.0.2 , ≤ 7.0.3 (semver)
    Affected: 7.0.0
    Affected: 6.4.6
    Affected: 6.4.4
    Affected: 6.4.1
    Affected: 6.0.0
    Affected: 5.6.0
    Affected: 5.4.0 , ≤ 5.4.2 (semver)
    Affected: 5.2.0 , ≤ 5.2.8 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Create a notification for this product.
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:01:07.692905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T19:01:23.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.3",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.6.0"
                },
                {
                  "lessThanOrEqual": "5.4.2",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.663Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-45856",
        "datePublished": "2024-09-10T14:37:48.663Z",
        "dateReserved": "2022-11-23T14:57:05.612Z",
        "dateUpdated": "2024-09-10T19:01:23.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45590 (GCVE-0-2023-45590)

    Vulnerability from nvd – Published: 2024-04-09 14:24 – Updated: 2024-08-12 17:46
    VLAI
    Summary
    An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.10 (semver)
    Affected: 7.0.3 , ≤ 7.0.4 (semver)
    Create a notification for this product.
    fortinet forticlient Affected: 0 , < 7.0.10 (semver)
    Affected: 7.0.3 , < 7.0.4 (semver)
        cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
    Create a notification for this product.
    fortinet forticlient Affected: 7.2.0
        cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:16.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-087",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "forticlient",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThan": "7.0.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "7.0.4",
                    "status": "affected",
                    "version": "7.0.3",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "forticlient",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:01:08.566633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T17:46:37.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper control of generation of code (\u0027code injection\u0027) in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-09T14:24:19.922Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-087",
              "url": "https://fortiguard.com/psirt/FG-IR-23-087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.11 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-45590",
        "datePublished": "2024-04-09T14:24:19.922Z",
        "dateReserved": "2023-10-09T08:01:29.297Z",
        "dateUpdated": "2024-08-12T17:46:37.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37939 (GCVE-0-2023-37939)

    Vulnerability from nvd – Published: 2023-10-10 16:50 – Updated: 2024-09-18 20:26
    VLAI
    Summary
    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.6 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:23:27.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-235",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-235"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T20:26:36.640081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T20:26:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T16:50:04.463Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-235",
              "url": "https://fortiguard.com/psirt/FG-IR-22-235"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.2 or above Please upgrade to FortiClientWindows version 7.2.1 or above Please upgrade to FortiClientLinux version 7.2.1 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-37939",
        "datePublished": "2023-10-10T16:50:04.463Z",
        "dateReserved": "2023-07-11T08:16:54.093Z",
        "dateUpdated": "2024-09-18T20:26:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-24018 (GCVE-0-2026-24018)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 13:08
    VLAI
    Summary
    A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.2 , ≤ 7.2.12 (semver)
        cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T03:56:55.161799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T13:08:18.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientlinux:7.2.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:14.285Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-083"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiClientLinux version 8.0.0 or above\nUpgrade to FortiClientLinux version 7.4.5 or above\nUpgrade to FortiClientLinux version 7.2.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24018",
        "datePublished": "2026-03-10T16:44:14.285Z",
        "dateReserved": "2026-01-20T11:13:10.549Z",
        "dateUpdated": "2026-03-11T13:08:18.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-15934 (GCVE-0-2020-15934)

    Vulnerability from cvelistv5 – Published: 2024-12-19 10:57 – Updated: 2024-12-20 17:23
    VLAI
    Summary
    An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 6.4.0
    Affected: 6.2.6 , ≤ 6.2.7 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)
    Affected: 6.0.8
    Affected: 6.0.0 , ≤ 6.0.6 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-15934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:22:49.806588Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:23:40.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "lessThanOrEqual": "6.2.7",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.0.8"
                },
                {
                  "lessThanOrEqual": "6.0.6",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T10:57:39.255Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-110",
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-110"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-15934",
        "datePublished": "2024-12-19T10:57:39.255Z",
        "dateReserved": "2020-07-24T00:00:00.000Z",
        "dateUpdated": "2024-12-20T17:23:40.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-50570 (GCVE-0-2024-50570)

    Vulnerability from cvelistv5 – Published: 2024-12-18 12:44 – Updated: 2025-08-27 21:29
    VLAI
    Summary
    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Information disclosure
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T14:30:59.618705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:29:14.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.644Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-50570",
        "datePublished": "2024-12-18T12:44:38.644Z",
        "dateReserved": "2024-10-24T11:52:14.402Z",
        "dateUpdated": "2025-08-27T21:29:14.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45856 (GCVE-0-2022-45856)

    Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
    VLAI
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientiOS Affected: 7.0.3 , ≤ 7.0.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.1 (semver)
    Affected: 6.0.0 , ≤ 6.0.1 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.3 , ≤ 5.4.4 (semver)
    Affected: 5.4.0 , ≤ 5.4.1 (semver)
    Affected: 5.2.0 , ≤ 5.2.3 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 2.0.0 , ≤ 2.0.1 (semver)
        cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiClientAndroid Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.7 (semver)
    Affected: 7.0.2 , ≤ 7.0.3 (semver)
    Affected: 7.0.0
    Affected: 6.4.6
    Affected: 6.4.4
    Affected: 6.4.1
    Affected: 6.0.0
    Affected: 5.6.0
    Affected: 5.4.0 , ≤ 5.4.2 (semver)
    Affected: 5.2.0 , ≤ 5.2.8 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Create a notification for this product.
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:01:07.692905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T19:01:23.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.3",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.6.0"
                },
                {
                  "lessThanOrEqual": "5.4.2",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.663Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-45856",
        "datePublished": "2024-09-10T14:37:48.663Z",
        "dateReserved": "2022-11-23T14:57:05.612Z",
        "dateUpdated": "2024-09-10T19:01:23.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31489 (GCVE-0-2024-31489)

    Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2024-09-10 17:52
    VLAI
    Summary
    AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    Fortinet FortiClientEMS Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.2.0 , ≤ 7.2.2 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Create a notification for this product.
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.4 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet forticlientlinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet forticlientwindows Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientlinux",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientwindows",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:47:00.423144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T17:52:01.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11,  FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.066Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31489",
        "datePublished": "2024-09-10T14:37:48.066Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2024-09-10T17:52:01.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45590 (GCVE-0-2023-45590)

    Vulnerability from cvelistv5 – Published: 2024-04-09 14:24 – Updated: 2024-08-12 17:46
    VLAI
    Summary
    An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.10 (semver)
    Affected: 7.0.3 , ≤ 7.0.4 (semver)
    Create a notification for this product.
    fortinet forticlient Affected: 0 , < 7.0.10 (semver)
    Affected: 7.0.3 , < 7.0.4 (semver)
        cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
    Create a notification for this product.
    fortinet forticlient Affected: 7.2.0
        cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:16.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-087",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-087"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "forticlient",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThan": "7.0.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "7.0.4",
                    "status": "affected",
                    "version": "7.0.3",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "forticlient",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:01:08.566633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T17:46:37.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper control of generation of code (\u0027code injection\u0027) in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-09T14:24:19.922Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-087",
              "url": "https://fortiguard.com/psirt/FG-IR-23-087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.11 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-45590",
        "datePublished": "2024-04-09T14:24:19.922Z",
        "dateReserved": "2023-10-09T08:01:29.297Z",
        "dateUpdated": "2024-08-12T17:46:37.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37939 (GCVE-0-2023-37939)

    Vulnerability from cvelistv5 – Published: 2023-10-10 16:50 – Updated: 2024-09-18 20:26
    VLAI
    Summary
    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Create a notification for this product.
    Fortinet FortiClientWindows Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Create a notification for this product.
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.6 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:23:27.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-235",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-235"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T20:26:36.640081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T20:26:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T16:50:04.463Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-235",
              "url": "https://fortiguard.com/psirt/FG-IR-22-235"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.2 or above Please upgrade to FortiClientWindows version 7.2.1 or above Please upgrade to FortiClientLinux version 7.2.1 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-37939",
        "datePublished": "2023-10-10T16:50:04.463Z",
        "dateReserved": "2023-07-11T08:16:54.093Z",
        "dateUpdated": "2024-09-18T20:26:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }