External control of file name or path vuln in FortiClientMac v7.2.3 & below, v7.0.10 & below installer may allow local attacker to execute arbitrary code or commands via writing malicious config file in /tmp before installation process
Reporter | Title | Published | Views | Family All 5 |
---|---|---|---|---|
Vulnrichment | CVE-2024-31492 | 10 Apr 202413:24 | – | vulnrichment |
Cvelist | CVE-2024-31492 | 10 Apr 202413:24 | – | cvelist |
NVD | CVE-2024-31492 | 10 Apr 202413:51 | – | nvd |
Tenable Nessus | Fortinet FortiClient Lack of configuration file validation (FG-IR-23-345) (macOS) | 9 Apr 202400:00 | – | nessus |
The Hacker News | Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability | 11 Apr 202405:23 | – | thn |
[
{
"vendor": "Fortinet",
"product": "FortiClientMac",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.2.0",
"lessThanOrEqual": "7.2.3",
"status": "affected"
},
{
"versionType": "semver",
"version": "7.0.6",
"lessThanOrEqual": "7.0.10",
"status": "affected"
}
]
}
]
Source | Link |
---|---|
fortiguard | www.fortiguard.com/psirt/FG-IR-23-345 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo