CVE-2023-22635 MEDIUM

Vendor: Fortinet
Product: FortiClientMac
Weakness: CWE-494 · Download without integrity check
Published: April 11, 2023
Last update: October 23, 2024

CVSS base score

6.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X

What the vulnerability does

01 Description

A download of code without integrity check vulnerability [CWE-494] in FortiClientMac versions 7.0.0 through 7.0.7, and all versions of 6.4, 6.2, 6.0, 5.6, 5.4, 5.2, 5.0 and 4.0, may allow a local attacker to escalate their privileges by modifying the installer upon upgrade.

Key dates

02 Disclosure timeline

April 11, 2023: CVE published
October 23, 2024: Record updated