Fortinet Forticlientmac vulnerabilities

CVE-2022-33878 [LOW] CWE-200 CVE-2022-33878: An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.

CVE-2021-42754 [LOW] CWE-94 CVE-2021-42754: An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.

CVE-2021-26089 [MEDIUM] CWE-59 CVE-2021-26089: An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged use An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.