CVE-2024-35281

Summary

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientMac7.4.0 <= 7.4.2affected
FortinetFortiClientMac7.2.0 <= 7.2.8affected
FortinetFortiClientMac7.0.0 <= 7.0.14affected
FortinetFortiVoiceUCDesktop3.0.0 <= 3.0.16affected

Weaknesses

  • CWE-653: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References