CVE-2024-40592Improper Verification of Cryptographic Signature in Fortinet Forticlient

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
6.7MEDIUMNVD
CNA7.5
EPSS
0.0%
top 90.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientmac
Timeline
PublishedNov 12

Description

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/forticlient6.4.07.2.5+1
CVEListV5fortinet/forticlientmac7.2.07.2.4+3

🔴Vulnerability Details

2
GHSA
GHSA-3vq2-5g7p-fgf2: An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 72024-11-12
CVEList
CVE-2024-40592: An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 72024-11-12

📋Vendor Advisories

1
Fortinet
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version...2024-11-12
CVE-2024-40592 — Fortinet Forticlient vulnerability | cvebase