CVE-2023-22635

Description

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Physical

Affected products

fortinet / forticlientmac7.0.0 – 7.0.7
fortinet / forticlientmac6.4.0 – 6.4.10
fortinet / forticlientmac6.2.0 – 6.2.9
fortinet / forticlientmac6.0.1 – 6.0.10
fortinet / forticlientmac5.6.5 – 5.6.6
fortinet / forticlientmac5.6.3 – 5.6.3
fortinet / forticlientmac5.6.0 – 5.6.1
fortinet / forticlientmac5.4.0 – 5.4.4
fortinet / forticlientmac5.2.0 – 5.2.6
fortinet / forticlientmac5.0.0 – 5.0.10
fortinet / forticlientmac4.0.0 – 4.0.3

References

VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-22-481