← Zuruck zu CVEs
CVE-2024-40592
HIGH7.5
Beschreibung
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht11/12/2024
Zuletzt geandert11/14/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
fortinet:forticlient
Schwachen (CWE)
CWE-347
Referenzen
https://fortiguard.fortinet.com/psirt/FG-IR-24-022(psirt@fortinet.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.