CVE-2023-22635

CWE-494 | 4 documents | 4 sources

Severity: 7.8 HIGH
EPSS: 0.1% (top 81.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11

Description

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploitability: 1.8 | Impact: 5.5

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientmac | 7.0.0 | 7.0.7 | +10
NVD | fortinet/forticlient | 7.0.0 | 7.0.8 | +2

Vulnerability Details (2)

GHSA | GHSA-jcr5-fwvw-wm84: A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7 | 2023-04-11
CVEList | CVE-2023-22635: A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7 | 2023-04-11

Vendor Advisories (1)

Fortinet | A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 al... | 2023-04-11