Improper Control of Code Generation in FortiClient for MacOS
CVE-2021-42754

3.2 LOW

Key Information:

Vendor: Fortinet
CVE Published: 2 November 2021

Summary

An improper control of code generation vulnerability exists in FortiClient for MacOS, affecting versions 7.0.0 and below, as well as 6.4.5 and below. This flaw enables authenticated attackers to potentially hijack the MacOS camera without the user's consent by using a malicious dynamic library (dylib) file. Users should ensure they are running the latest version of the software to mitigate the risk of exploitation.

Affected Version(s)

Fortinet FortiClientMac 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

References

CVSS V3.1

Score: 3.2
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
