CVE-2022-33877 MEDIUM

Vendor Fortinet
Product FortiConverter
Weakness CWE-276
Published June 13, 2023
Last update October 23, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

What the vulnerability does

01 Description

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

Key dates

02 Disclosure timeline

June 13, 2023 CVE published
October 23, 2024 Record updated