CVE-2021-42754

CWE-94 Code Injection | 4 documents | 4 sources
Severity: 5.0 MEDIUM
EPSS: 0.2% (top 52.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 2; Latest update May 24

Description

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user's permission via a malicious dylib file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Exploitability: 1.5 | Impact: 1.4

Affected Packages (2 packages)

NVD | fortinet/forticlient | 6.4.0 | 6.4.5 | +1
CVEListV5 | fortinet/fortinet_forticlientmac | FortiClientMac 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

🔴 Vulnerability Details (2)

GHSA | GHSA-5vh5-7q79-c2mp: An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7 | 2022-05-24
CVEList | CVE-2021-42754: An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7 | 2021-11-02

📋 Vendor Advisories (1)

Fortinet | An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5... | 2021-11-02