CVE-2022-33877

Summary

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiConverter7.0.0affected
FortinetFortiConverter6.2.0 <= 6.2.1affected
FortinetFortiConverter6.0.0 <= 6.0.3affected
FortinetFortiClientWindows7.0.0 <= 7.0.6affected
FortinetFortiClientWindows6.4.0 <= 6.4.8affected

Weaknesses

  • CWE-276: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References