Forticlient Endpoint Management Server Fortinet Forticlient Endpoint Management Server

Do you want an email whenever new security vulnerabilities are reported in Fortinet Forticlient Endpoint Management Server?

By the Year

In 2023 there have been 0 vulnerabilities in Fortinet Forticlient Endpoint Management Server . Forticlient Endpoint Management Server did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 0 0.00
2021 3 7.57
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Forticlient Endpoint Management Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Forticlient Endpoint Management Server Security Vulnerabilities

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may

CVE-2021-41028 7.5 - High - December 16, 2021

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.

Use of Hard-coded Credentials

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain

CVE-2021-24019 9.8 - Critical - October 06, 2021

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

Insufficient Session Expiration

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may

CVE-2020-15941 5.4 - Medium - October 06, 2021

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Forticlient Endpoint Management Server or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

subscribe