CVE-2023-45588

CWE-734 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 88.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientmac
Timeline
PublishedMar 14

Description

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5fortinet/forticlientmac7.2.07.2.3+1
NVDfortinet/forticlient7.0.67.0.11+1

🔴Vulnerability Details

2
CVEList
CVE-2023-45588: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 72025-03-14
GHSA
GHSA-hh82-jv5x-68c7: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 72025-03-14

📋Vendor Advisories

1
Fortinet
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0...2024-04-10
CVE-2023-45588 (HIGH CVSS 7.8) | An external control of file name or | cvebase.io