CVE-2024-35281 — Improper Isolation or Compartmentalization in Fortinet Forticlientmac

CWE-653 — Improper Isolation or Compartmentalization4 documents4 sources

Severity

7.8HIGHNVD

CNA2.5

EPSS

0.1%

top 82.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientmac Fortinet Fortivoiceucdesktop +1 more

Timeline

PublishedMay 13

Description

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5fortinet/fortivoiceucdesktop3.0.0 — 3.0.16

▶CVEListV5fortinet/forticlientmac7.4.0 — 7.4.2+2

▶NVDfortinet/forticlient7.0.0 — 7.2.9+1

▶NVDfortinet/fortifone_softclient3.0.0 — 3.0.16

🔴Vulnerability Details

GHSA

GHSA-9qx4-7755-7gxr: An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7↗2025-05-13

▶

CVEList

CVE-2024-35281: An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7↗2025-05-13

▶

📋Vendor Advisories

Fortinet

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version...↗2025-05-13

▶