CVE-2023-22635

Summary

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientMac7.0.0 <= 7.0.7affected
FortinetFortiClientMac6.4.0 <= 6.4.10affected
FortinetFortiClientMac6.2.0 <= 6.2.9affected
FortinetFortiClientMac6.0.1 <= 6.0.10affected
FortinetFortiClientMac5.6.5 <= 5.6.6affected
FortinetFortiClientMac5.6.3affected
FortinetFortiClientMac5.6.0 <= 5.6.1affected
FortinetFortiClientMac5.4.0 <= 5.4.4affected
FortinetFortiClientMac5.2.0 <= 5.2.6affected
FortinetFortiClientMac5.0.0 <= 5.0.10affected
FortinetFortiClientMac4.0.0 <= 4.0.3affected

Weaknesses

  • CWE-494: Escalation of privilege

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References