CVE-2024-31492

high

Description

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

References

https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-forticlientlinux/

https://fortiguard.com/psirt/FG-IR-23-345

Details

Source: Mitre, NVD

Published: 2024-04-10

Updated: 2024-04-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Severity: High

Detections

Analytics