CVE-2024-40592

🗓️ 12 Nov 2024 18:53:49Reported by fortinetType

Improper cryptographic signature verification in FortiClient MacOS versions may enable installer swa

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the Fortinet FortiClient security device arises from improper verification of the cryptographic signature. This allows attackers to compromise the confidentiality, integrity, and accessibility of information.	22 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-40592	12 Nov 202419:25	–	circl
CNNVD	Fortinet FortiClient 数据伪造问题漏洞	12 Nov 202400:00	–	cnnvd
CNVD	Fortinet FortiClient Data Forgery Issue Vulnerability (CNVD-2024-49647)	15 Nov 202400:00	–	cnvd
CVE	CVE-2024-40592	12 Nov 202418:53	–	cve
EUVD	EUVD-2024-38529	3 Oct 202520:07	–	euvd
Tenable Nessus	Fortinet FortiClient - Missing signature verification (FG-IR-24-022) (macOS)	12 Nov 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Fortinet FortiClient	14 Nov 202412:42	–	ncsc
NVD	CVE-2024-40592	12 Nov 202419:15	–	nvd
OSV	CVE-2024-40592	12 Nov 202419:15	–	osv

[
  {
    "vendor": "Fortinet",
    "product": "FortiClientMac",
    "cpes": [],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.4.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.10",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-24-022

12 Nov 2024 18:53Current

CVSS 3.17.5

EPSS0.00034

CWE-347