Fortinet FortiClient 6.4.2 for MacOS

CPE Details

Fortinet FortiClient 6.4.2 for MacOS
fortinet
forticlient
6.4.2
2021-07-30
15h08 +00:00
2021-07-30
15h31 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:macos:*:*

Informations

Vendor

fortinet

Product

forticlient

Version

6.4.2

Target Software

macos

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-40592 2024-11-12 18h53 +00:00 An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
7.5
High
CVE-2024-3661 2024-05-06 18h31 +00:00 DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
7.6
High
CVE-2023-37939 2023-10-10 16h50 +00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
3.3
Low
CVE-2023-22635 2023-04-11 16h05 +00:00 A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.
7.8
High
CVE-2021-41028 2021-12-16 17h13 +00:00 A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
8.2
High
CVE-2021-42754 2021-11-02 17h56 +00:00 An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
5
Medium
CVE-2021-26089 2021-07-12 10h48 +00:00 An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
7.8
High