Sensitive Information Exposure in FortiClient for Mac
CVE-2022-33878

2.2LOW

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientmac
Vendor: CVE Published:; 2 November 2022

What is CVE-2022-33878?

A vulnerability in FortiClient for Mac versions 7.0.0 through 7.0.5 allows localized authenticated attackers to access sensitive information, specifically the SSL-VPN password, in cleartext. This can be achieved by executing a logstream command for the FortiTray process through the terminal, presenting a significant risk if exploited. Ensuring secure coding practices and appropriate user access controls can help mitigate this issue.

Affected Version(s)

Fortinet FortiClientMac FortiClientMac 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0

References

https://fortiguard.com/psirt/FG-IR-22-246

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Jun 16, 2022