External Control of File Name Vulnerability in FortiClient for Mac
CVE-2023-45588

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Forticlientmac
Vendor: CVE Published:; 14 March 2025

What is CVE-2023-45588?

A vulnerability in FortiClient for Mac allows local attackers to manipulate file paths, potentially enabling them to execute arbitrary code. This issue arises when a malicious configuration file is created in the /tmp directory before the installation process begins. As a result, compromised installations could lead to unauthorized commands being executed, posing significant security risks for users.

Affected Version(s)

FortiClientMac 7.2.0 <= 7.2.3

FortiClientMac 7.0.6 <= 7.0.10

References

https://fortiguard.com/psirt/FG-IR-23-345

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Oct 9, 2023

Fortinet

What is CVE-2023-45588?

Affected Version(s)

References

CVSS V3.1

Timeline