    30 vulnerabilities found for FortiClientMac by Fortinet

    CVE-2025-46774 (GCVE-0-2025-46774)

    Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47
    Summary
    An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Escalation of privilege
    Impacted products
    Vendor    Product         Version
    Fortinet  FortiClientMac  Affected: 7.4.0, ≤ 7.4.2 (semver)
                              Affected: 7.2.0, ≤ 7.2.9 (semver)
                              Affected: 7.0.0, ≤ 7.0.14 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:20.193267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:32.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:59.755Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46774",
        "datePublished": "2025-10-14T15:23:47.725Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-02-26T17:47:32.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31365 (GCVE-0-2025-31365)

    Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47
    Summary
    An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Execute unauthorized code or commands
    Impacted products
    Vendor    Product         Version
    Fortinet  FortiClientMac  Affected: 7.4.0, ≤ 7.4.3 (semver)
                              Affected: 7.2.1, ≤ 7.2.8 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:21.013019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:32.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim\u0027s host via tricking the user into visiting a malicious website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:18:30.974Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-037",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-037"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-31365",
        "datePublished": "2025-10-14T15:23:43.265Z",
        "dateReserved": "2025-03-28T10:49:05.633Z",
        "dateUpdated": "2026-02-26T17:47:32.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57741 (GCVE-0-2025-57741)

    Vulnerability from cvelistv5 – Published: 2025-10-14 15:22 – Updated: 2026-02-26 17:47
    Summary
    An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Escalation of privilege
    Impacted products
    Vendor    Product         Version
    Fortinet  FortiClientMac  Affected: 7.4.0, ≤ 7.4.3 (semver)
                              Affected: 7.2.0, ≤ 7.2.11 (semver)
                              Affected: 7.0.0, ≤ 7.0.14 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:57:10.519942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:36.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:14:46.176Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-664",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-664"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-57741",
        "datePublished": "2025-10-14T15:22:49.758Z",
        "dateReserved": "2025-08-19T12:04:48.437Z",
        "dateUpdated": "2026-02-26T17:47:36.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25251 (GCVE-0-2025-25251)

    Vulnerability from cvelistv5 – Published: 2025-05-28 07:53 – Updated: 2026-02-26 18:27
    Summary
    An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Escalation of privilege
    Impacted products
    Vendor    Product         Version
    Fortinet  FortiClientMac  Affected: 7.4.0, ≤ 7.4.2 (semver)
                              Affected: 7.2.0, ≤ 7.2.8 (semver)
                              Affected: 7.0.0, ≤ 7.0.14 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-29T03:55:42.976511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:52.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-28T07:53:42.390Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-25251",
        "datePublished": "2025-05-28T07:53:42.390Z",
        "dateReserved": "2025-02-05T13:31:18.866Z",
        "dateUpdated": "2026-02-26T18:27:52.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-35281 (GCVE-0-2024-35281)

    Vulnerability from cvelistv5 – Published: 2025-05-13 14:46 – Updated: 2025-05-13 15:17
    Summary
    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Execute unauthorized code or commands
    Impacted products
    Vendor    Product              Version
    Fortinet  FortiClientMac       Affected: 7.4.0, ≤ 7.4.2 (semver)
                                   Affected: 7.2.0, ≤ 7.2.8 (semver)
                                   Affected: 7.0.0, ≤ 7.0.14 (semver)
    Fortinet  FortiVoiceUCDesktop  Affected: 3.0.0, ≤ 3.0.16 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T15:17:53.581796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T15:17:58.536Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiVoiceUCDesktop",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T14:46:42.574Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above \nPlease upgrade to FortiVoiceUCDesktop version 7.0.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-35281",
        "datePublished": "2025-05-13T14:46:42.574Z",
        "dateReserved": "2024-05-14T21:15:19.190Z",
        "dateUpdated": "2025-05-13T15:17:58.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45588 (GCVE-0-2023-45588)

    Vulnerability from cvelistv5 – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:40
    Summary
    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.6 , ≤ 7.0.10 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T17:35:03.137093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:40:22.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An external control of file name or path vulnerability [CWE-73] in  FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T15:46:35.063Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-345",
              "url": "https://fortiguard.com/psirt/FG-IR-23-345"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.4 or above \nPlease upgrade to FortiClientMac version 7.0.11 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-45588",
        "datePublished": "2025-03-14T15:46:35.063Z",
        "dateReserved": "2023-10-09T08:01:29.297Z",
        "dateUpdated": "2025-03-14T17:40:22.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52968 (GCVE-0-2024-52968)

    Vulnerability from cvelistv5 – Published: 2025-02-11 16:09 – Updated: 2025-02-11 16:35
    Summary
    An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to MacOS via an empty password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0
    Affected: 7.2.3 , ≤ 7.2.4 (semver)
    Affected: 7.0.11 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T16:34:59.442307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T16:35:11.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.11",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-11T16:09:00.587Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-300",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-300"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.1 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-52968",
        "datePublished": "2025-02-11T16:09:00.587Z",
        "dateReserved": "2024-11-18T13:36:52.465Z",
        "dateUpdated": "2025-02-11T16:35:11.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-50570 (GCVE-0-2024-50570)

    Vulnerability from cvelistv5 – Published: 2024-12-18 12:44 – Updated: 2025-08-27 21:29
    Summary
    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Information disclosure
    • CWE-312 - Cleartext Storage of Sensitive Information
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Fortinet FortiClientWindows Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T14:30:59.618705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:29:14.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.644Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-50570",
        "datePublished": "2024-12-18T12:44:38.644Z",
        "dateReserved": "2024-10-24T11:52:14.402Z",
        "dateUpdated": "2025-08-27T21:29:14.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40592 (GCVE-0-2024-40592)

    Vulnerability from cvelistv5 – Published: 2024-11-12 18:53 – Updated: 2024-11-13 18:30
    Summary
    An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.10 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    fortinet forticlientmac Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.10 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.4.0"
                  },
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.0.10",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.10",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T18:28:42.477120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:30:43.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to\u00a0swap the installer with a malicious package via a race condition during the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-12T18:53:49.686Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-022",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-022"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.1 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-40592",
        "datePublished": "2024-11-12T18:53:49.686Z",
        "dateReserved": "2024-07-05T11:55:50.011Z",
        "dateUpdated": "2024-11-13T18:30:43.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45856 (GCVE-0-2022-45856)

    Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Impacted products
    Vendor Product Version
    Fortinet FortiClientiOS Affected: 7.0.3 , ≤ 7.0.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.1 (semver)
    Affected: 6.0.0 , ≤ 6.0.1 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.3 , ≤ 5.4.4 (semver)
    Affected: 5.4.0 , ≤ 5.4.1 (semver)
    Affected: 5.2.0 , ≤ 5.2.3 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 2.0.0 , ≤ 2.0.1 (semver)
    Fortinet FortiClientAndroid Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.7 (semver)
    Affected: 7.0.2 , ≤ 7.0.3 (semver)
    Affected: 7.0.0
    Affected: 6.4.6
    Affected: 6.4.4
    Affected: 6.4.1
    Affected: 6.0.0
    Affected: 5.6.0
    Affected: 5.4.0 , ≤ 5.4.2 (semver)
    Affected: 5.2.0 , ≤ 5.2.8 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Fortinet FortiClientWindows Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:01:07.692905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T19:01:23.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.3",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.6.0"
                },
                {
                  "lessThanOrEqual": "5.4.2",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.663Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-45856",
        "datePublished": "2024-09-10T14:37:48.663Z",
        "dateReserved": "2022-11-23T14:57:05.612Z",
        "dateUpdated": "2024-09-10T19:01:23.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31489 (GCVE-0-2024-31489)

    Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2024-09-10 17:52
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Fortinet FortiClientEMS Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Fortinet FortiClientWindows Affected: 7.2.0 , ≤ 7.2.2 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.4 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*
    fortinet forticlientlinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*
    fortinet forticlientwindows Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientlinux",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientwindows",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:47:00.423144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T17:52:01.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11,  FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.066Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31489",
        "datePublished": "2024-09-10T14:37:48.066Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2024-09-10T17:52:01.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31492 (GCVE-0-2024-31492)

    Vulnerability from cvelistv5 – Published: 2024-04-10 13:24 – Updated: 2024-08-22 18:27
    Summary
    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.6 , ≤ 7.0.10 (semver)
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.3 (custom)
    Affected: 7.0.6 , ≤ 7.0.10 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:57.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-345",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-345"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.10",
                    "status": "affected",
                    "version": "7.0.6",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:01:18.349326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T18:27:36.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An external control of file name or path vulnerability [CWE-73] in  FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T13:24:56.859Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-345",
              "url": "https://fortiguard.com/psirt/FG-IR-23-345"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.4 or above \nPlease upgrade to FortiClientMac version 7.0.11 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31492",
        "datePublished": "2024-04-10T13:24:56.859Z",
        "dateReserved": "2024-04-04T12:52:41.586Z",
        "dateUpdated": "2024-08-22T18:27:36.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37939 (GCVE-0-2023-37939)

    Vulnerability from cvelistv5 – Published: 2023-10-10 16:50 – Updated: 2024-09-18 20:26
    Summary
    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Fortinet FortiClientWindows Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.6 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:23:27.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-235",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-235"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T20:26:36.640081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T20:26:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T16:50:04.463Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-235",
              "url": "https://fortiguard.com/psirt/FG-IR-22-235"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.2 or above Please upgrade to FortiClientWindows version 7.2.1 or above Please upgrade to FortiClientLinux version 7.2.1 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-37939",
        "datePublished": "2023-10-10T16:50:04.463Z",
        "dateReserved": "2023-07-11T08:16:54.093Z",
        "dateUpdated": "2024-09-18T20:26:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22635 (GCVE-0-2023-22635)

    Vulnerability from cvelistv5 – Published: 2023-04-11 16:05 – Updated: 2024-10-23 14:30
    Summary
    A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Affected: 6.0.1 , ≤ 6.0.10 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.3
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.0 , ≤ 5.4.4 (semver)
    Affected: 5.2.0 , ≤ 5.2.6 (semver)
    Affected: 5.0.0 , ≤ 5.0.10 (semver)
    Affected: 4.0.0 , ≤ 4.0.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-481",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-481"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:11:26.445933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:30:57.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.10",
                  "status": "affected",
                  "version": "6.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.6.3"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.6",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.3",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions,  6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T16:05:35.785Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-481",
              "url": "https://fortiguard.com/psirt/FG-IR-22-481"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to\u00a0\u00a0FortiClientMac version 7.0.8 or above.\r\nPlease upgrade to\u00a0\u00a0FortiClientMac version 7.2.0\u00a0or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-22635",
        "datePublished": "2023-04-11T16:05:35.785Z",
        "dateReserved": "2023-01-05T10:06:31.521Z",
        "dateUpdated": "2024-10-23T14:30:57.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5585 (GCVE-0-2019-5585)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:57 – Updated: 2024-10-25 14:07
    Summary
    An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    References
    URL Tags
    http://www.securityfocus.com/bid/107693 vdb-entry, x_refsource_BID
    https://fortiguard.com/advisory/FG-IR-19-003 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 6.0.4
    Affected: 6.0.3
    Affected: 6.0.2
    Affected: 6.0.1
    Date Public
    2019-04-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:51.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107693",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107693"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-19-003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-5585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:59.058259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:07:15.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application\u0027s performance via modifying the contents of a file used by several FortiClientMac processes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:57:14.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "107693",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107693"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-003"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2019-5585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClientMac",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.4"
                              },
                              {
                                "version_value": "6.0.3"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application\u0027s performance via modifying the contents of a file used by several FortiClientMac processes."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107693",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107693"
                },
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-19-003",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-19-003"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2019-5585",
        "datePublished": "2019-04-09T20:57:14.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:07:15.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46774 (GCVE-0-2025-46774)

    Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47
    Summary
    An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:20.193267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:32.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:59.755Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-126"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46774",
        "datePublished": "2025-10-14T15:23:47.725Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-02-26T17:47:32.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31365 (GCVE-0-2025-31365)

    Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2026-02-26 17:47
    Summary
    An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.1 , ≤ 7.2.8 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:21.013019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:32.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim\u0027s host via tricking the user into visiting a malicious website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:18:30.974Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-037",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-037"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-31365",
        "datePublished": "2025-10-14T15:23:43.265Z",
        "dateReserved": "2025-03-28T10:49:05.633Z",
        "dateUpdated": "2026-02-26T17:47:32.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57741 (GCVE-0-2025-57741)

    Vulnerability from nvd – Published: 2025-10-14 15:22 – Updated: 2026-02-26 17:47
    Summary
    An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:57:10.519942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:36.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientmac:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientmac:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:14:46.176Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-664",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-664"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientMac version 7.4.4 or above\nUpgrade to FortiClientMac version 7.2.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-57741",
        "datePublished": "2025-10-14T15:22:49.758Z",
        "dateReserved": "2025-08-19T12:04:48.437Z",
        "dateUpdated": "2026-02-26T17:47:36.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25251 (GCVE-0-2025-25251)

    Vulnerability from nvd – Published: 2025-05-28 07:53 – Updated: 2026-02-26 18:27
    Summary
    An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-29T03:55:42.976511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:52.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-28T07:53:42.390Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-25251",
        "datePublished": "2025-05-28T07:53:42.390Z",
        "dateReserved": "2025-02-05T13:31:18.866Z",
        "dateUpdated": "2026-02-26T18:27:52.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-35281 (GCVE-0-2024-35281)

    Vulnerability from nvd – Published: 2025-05-13 14:46 – Updated: 2025-05-13 15:17
    Summary
    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
    Fortinet FortiVoiceUCDesktop Affected: 3.0.0 , ≤ 3.0.16 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T15:17:53.581796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T15:17:58.536Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiVoiceUCDesktop",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.16",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T14:46:42.574Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above \nPlease upgrade to FortiVoiceUCDesktop version 7.0.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-35281",
        "datePublished": "2025-05-13T14:46:42.574Z",
        "dateReserved": "2024-05-14T21:15:19.190Z",
        "dateUpdated": "2025-05-13T15:17:58.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45588 (GCVE-0-2023-45588)

    Vulnerability from nvd – Published: 2025-03-14 15:46 – Updated: 2025-03-14 17:40
    Summary
    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.6 , ≤ 7.0.10 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T17:35:03.137093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:40:22.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An external control of file name or path vulnerability [CWE-73] in  FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T15:46:35.063Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-345",
              "url": "https://fortiguard.com/psirt/FG-IR-23-345"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.4 or above \nPlease upgrade to FortiClientMac version 7.0.11 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-45588",
        "datePublished": "2025-03-14T15:46:35.063Z",
        "dateReserved": "2023-10-09T08:01:29.297Z",
        "dateUpdated": "2025-03-14T17:40:22.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52968 (GCVE-0-2024-52968)

    Vulnerability from nvd – Published: 2025-02-11 16:09 – Updated: 2025-02-11 16:35
    VLAI
    Summary
    An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0
    Affected: 7.2.3 , ≤ 7.2.4 (semver)
    Affected: 7.0.11 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T16:34:59.442307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T16:35:11.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.11",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-11T16:09:00.587Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-300",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-300"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.1 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-52968",
        "datePublished": "2025-02-11T16:09:00.587Z",
        "dateReserved": "2024-11-18T13:36:52.465Z",
        "dateUpdated": "2025-02-11T16:35:11.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-50570 (GCVE-0-2024-50570)

    Vulnerability from nvd – Published: 2024-12-18 12:44 – Updated: 2025-08-27 21:29
    VLAI
    Summary
    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Information disclosure
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
    Fortinet FortiClientLinux Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Fortinet FortiClientWindows Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T14:30:59.618705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:29:14.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T12:44:38.644Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-50570",
        "datePublished": "2024-12-18T12:44:38.644Z",
        "dateReserved": "2024-10-24T11:52:14.402Z",
        "dateUpdated": "2025-08-27T21:29:14.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40592 (GCVE-0-2024-40592)

    Vulnerability from nvd – Published: 2024-11-12 18:53 – Updated: 2024-11-13 18:30
    VLAI
    Summary
    An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.10 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    fortinet forticlientmac Affected: 7.4.0
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.10 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.4.0"
                  },
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.0.10",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.10",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T18:28:42.477120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:30:43.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to\u00a0swap the installer with a malicious package via a race condition during the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-12T18:53:49.686Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-022",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-022"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.4.1 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-40592",
        "datePublished": "2024-11-12T18:53:49.686Z",
        "dateReserved": "2024-07-05T11:55:50.011Z",
        "dateUpdated": "2024-11-13T18:30:43.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31489 (GCVE-0-2024-31489)

    Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2024-09-10 17:52
    VLAI
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Fortinet FortiClientEMS Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    Fortinet FortiClientWindows Affected: 7.2.0 , ≤ 7.2.2 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.4 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*
    fortinet forticlientlinux Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*
    fortinet forticlientwindows Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 7.0.0 , ≤ 7.0.11 (custom)
        cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientlinux",
                "vendor": "fortinet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.2.0"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientwindows",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.2",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.11",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T17:47:00.423144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T17:52:01.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11,  FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.066Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31489",
        "datePublished": "2024-09-10T14:37:48.066Z",
        "dateReserved": "2024-04-04T12:52:41.585Z",
        "dateUpdated": "2024-09-10T17:52:01.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45856 (GCVE-0-2022-45856)

    Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
    Summary
    An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiClientiOS Affected: 7.0.3 , ≤ 7.0.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.1 (semver)
    Affected: 6.0.0 , ≤ 6.0.1 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.3 , ≤ 5.4.4 (semver)
    Affected: 5.4.0 , ≤ 5.4.1 (semver)
    Affected: 5.2.0 , ≤ 5.2.3 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 2.0.0 , ≤ 2.0.1 (semver)
    Fortinet FortiClientAndroid Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.7 (semver)
    Affected: 7.0.2 , ≤ 7.0.3 (semver)
    Affected: 7.0.0
    Affected: 6.4.6
    Affected: 6.4.4
    Affected: 6.4.1
    Affected: 6.0.0
    Affected: 5.6.0
    Affected: 5.4.0 , ≤ 5.4.2 (semver)
    Affected: 5.2.0 , ≤ 5.2.8 (semver)
    Affected: 5.0.0 , ≤ 5.0.3 (semver)
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.13 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Fortinet FortiClientWindows Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:01:07.692905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T19:01:23.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.1",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.3",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.6.0"
                },
                {
                  "lessThanOrEqual": "5.4.2",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.3",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.13",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T14:37:48.663Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-45856",
        "datePublished": "2024-09-10T14:37:48.663Z",
        "dateReserved": "2022-11-23T14:57:05.612Z",
        "dateUpdated": "2024-09-10T19:01:23.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31492 (GCVE-0-2024-31492)

    Vulnerability from nvd – Published: 2024-04-10 13:24 – Updated: 2024-08-22 18:27
    Summary
    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.6 , ≤ 7.0.10 (semver)
    fortinet forticlientmac Affected: 7.2.0 , ≤ 7.2.3 (custom)
    Affected: 7.0.6 , ≤ 7.0.10 (custom)
        cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:52:57.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-345",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-345"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "forticlientmac",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.0.10",
                    "status": "affected",
                    "version": "7.0.6",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:01:18.349326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T18:27:36.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.10",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T13:24:56.859Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-345",
              "url": "https://fortiguard.com/psirt/FG-IR-23-345"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.4 or above \nPlease upgrade to FortiClientMac version 7.0.11 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-31492",
        "datePublished": "2024-04-10T13:24:56.859Z",
        "dateReserved": "2024-04-04T12:52:41.586Z",
        "dateUpdated": "2024-08-22T18:27:36.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37939 (GCVE-0-2023-37939)

    Vulnerability from nvd – Published: 2023-10-10 16:50 – Updated: 2024-09-18 20:26
    Summary
    An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Fortinet FortiClientWindows Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Fortinet FortiClientLinux Affected: 7.2.0
    Affected: 7.0.6 , ≤ 7.0.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.7 , ≤ 6.4.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.6 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , ≤ 6.2.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:23:27.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-235",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-235"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T20:26:36.640081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T20:26:45.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientLinux",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.4",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T16:50:04.463Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-235",
              "url": "https://fortiguard.com/psirt/FG-IR-22-235"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiClientMac version 7.2.2 or above Please upgrade to FortiClientWindows version 7.2.1 or above Please upgrade to FortiClientLinux version 7.2.1 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-37939",
        "datePublished": "2023-10-10T16:50:04.463Z",
        "dateReserved": "2023-07-11T08:16:54.093Z",
        "dateUpdated": "2024-09-18T20:26:45.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22635 (GCVE-0-2023-22635)

    Vulnerability from nvd – Published: 2023-04-11 16:05 – Updated: 2024-10-23 14:30
    Summary
    A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Affected: 6.0.1 , ≤ 6.0.10 (semver)
    Affected: 5.6.5 , ≤ 5.6.6 (semver)
    Affected: 5.6.3
    Affected: 5.6.0 , ≤ 5.6.1 (semver)
    Affected: 5.4.0 , ≤ 5.4.4 (semver)
    Affected: 5.2.0 , ≤ 5.2.6 (semver)
    Affected: 5.0.0 , ≤ 5.0.10 (semver)
    Affected: 4.0.0 , ≤ 4.0.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-481",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-481"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:11:26.445933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:30:57.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.10",
                  "status": "affected",
                  "version": "6.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.6.6",
                  "status": "affected",
                  "version": "5.6.5",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.6.3"
                },
                {
                  "lessThanOrEqual": "5.6.1",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.4",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.6",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.3",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions,  6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T16:05:35.785Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-481",
              "url": "https://fortiguard.com/psirt/FG-IR-22-481"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to\u00a0\u00a0FortiClientMac version 7.0.8 or above.\r\nPlease upgrade to\u00a0\u00a0FortiClientMac version 7.2.0\u00a0or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-22635",
        "datePublished": "2023-04-11T16:05:35.785Z",
        "dateReserved": "2023-01-05T10:06:31.521Z",
        "dateUpdated": "2024-10-23T14:30:57.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5585 (GCVE-0-2019-5585)

    Vulnerability from nvd – Published: 2019-04-09 20:57 – Updated: 2024-10-25 14:07
    Summary
    An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    References
    URL Tags
    http://www.securityfocus.com/bid/107693 vdb-entry, x_refsource_BID
    https://fortiguard.com/advisory/FG-IR-19-003 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Fortinet FortiClientMac Affected: 6.0.4
    Affected: 6.0.3
    Affected: 6.0.2
    Affected: 6.0.1
    Date Public
    2019-04-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:51.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107693",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107693"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-19-003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-5585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:59:59.058259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:07:15.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiClientMac",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application\u0027s performance via modifying the contents of a file used by several FortiClientMac processes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:57:14.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "107693",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107693"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-003"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2019-5585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiClientMac",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.4"
                              },
                              {
                                "version_value": "6.0.3"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application\u0027s performance via modifying the contents of a file used by several FortiClientMac processes."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107693",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107693"
                },
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-19-003",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-19-003"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2019-5585",
        "datePublished": "2019-04-09T20:57:14.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:07:15.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }