Improper Isolation Vulnerability in FortiClient and FortiVoice Desktop Applications
CVE-2024-35281

2.3 LOW

Key Information:

Vendor: Fortinet
CVE Published: 13 May 2025

What is CVE-2024-35281?

An improper isolation or compartmentalization vulnerability exists in FortiClientMac versions 7.4.2 and below, 7.2.8 and below, and all versions of 7.0, and in all versions of FortiVoiceUCDesktop. An authenticated attacker could exploit this flaw to inject malicious code through Electron environment variables, potentially compromising the application’s integrity and the security of the environment.

Affected Version(s)

FortiClientMac 7.4.0 <= 7.4.2

FortiClientMac 7.2.0 <= 7.2.8

FortiClientMac 7.0.0 <= 7.0.14

CVSS V3.1

Score: 2.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
