U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:fortinet:forticlient:6.2.5:*:*:*:*:linux:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

Published: May 11, 2022; 11:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.

Published: April 06, 2022; 12:15:07 PM -0400
V3.1: 8.0 HIGH
V2.0: 7.9 HIGH

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.

Published: December 16, 2021; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.4 MEDIUM