Improper Isolation Vulnerability in FortiClient and FortiVoice Desktop Applications
CVE-2024-35281
2.3LOW
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 13 May 2025
What is CVE-2024-35281?
An improper isolation or compartmentalization vulnerability exists in FortiClientMac versions 7.4.2 and below, 7.2.8 and below, 7.0 all versions, and in all versions of FortiVoiceUCDesktop. This flaw could be exploited by an authenticated attacker who may inject malicious code through Electron environment variables, potentially compromising the application’s integrity and the security of the environment.
Affected Version(s)
FortiClientMac 7.4.0 <= 7.4.2
FortiClientMac 7.2.0 <= 7.2.8
FortiClientMac 7.0.0 <= 7.0.14