CVE-2021-42754 LOW

CVE-2021-42754

Vendor Fortinet
Product Fortinet FortiClientMac
Published November 2, 2021
Last update October 25, 2024

CVSS base score

3.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:F/RL:X/RC:C

What the vulnerability does

01Description

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.

Key dates

02Disclosure timeline

November 2, 2021 CVE published
October 25, 2024 Record updated