How severe is CVE-2024-40592?

CVE-2024-40592 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-40592

Name: forticlient
Author: fortinet

7.5HIGH

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a

Veröffentlicht: 11/12/2024Aktualisiert: 11/14/2024

Beschreibung

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.

KI-AnalyseKI-gestützt

Betroffene Produkte

fortinetforticlient

7.4.0

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-24-022
Vendor Advisory