Arbitrary Code Execution Vulnerability in FortiClientMac Installer
CVE-2024-31492

7.8HIGH

Key Information:

Vendor

Fortinet

Vendor
CVE Published:
10 April 2024

What is CVE-2024-31492?

An external control of file name or path vulnerability exists in FortiClient for Mac that can be exploited by local attackers. The vulnerability arises during the installation process, where a malicious configuration file can be introduced in the /tmp directory before the installation begins. This flaw may enable an attacker to execute arbitrary code or commands, posing a significant security risk to users with affected versions. Proper configuration and vigilance are essential to mitigate these risks and protect system integrity.

Affected Version(s)

FortiClientMac 7.2.0 <= 7.2.3

FortiClientMac 7.0.6 <= 7.0.10

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.