CVE-2023-37939 LOW

CVE-2023-37939

Vendor Fortinet
Product FortiClientMac
Weakness CWE-200 · Info exposure
Published October 10, 2023
Last update September 18, 2024

CVSS base score

3.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R

What the vulnerability does

01Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.

Key dates

02Disclosure timeline

October 10, 2023 CVE published
September 18, 2024 Record updated