CVE-2022-33878

Summary

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClientMacFortiClientMac 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References