CVE-2021-42754

3.2LOW

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientmac
Vendor: CVE Published:; 2 November 2021

Summary

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.

Affected Version(s)

Fortinet FortiClientMac FortiClientMac 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

References

https://fortiguard.com/advisory/FG-IR-21-079

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 2, 2021
Vulnerability Reserved
Oct 20, 2021