CVE-2024-31492

CWE-734 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 70.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientmac
Timeline
PublishedApr 10

Description

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5fortinet/forticlientmac7.2.07.2.3+1
NVDfortinet/forticlient7.0.67.0.11+1

🔴Vulnerability Details

2
CVEList
CVE-2024-31492: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 72024-04-10
GHSA
GHSA-2xw4-7mq9-jfcm: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 72024-04-10

📋Vendor Advisories

1
Fortinet
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0...2024-04-10
CVE-2024-31492 (HIGH CVSS 7.8) | An external control of file name or | cvebase.io