Lack of configuration file validation Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-345 Final 1 1 2024-04-09T00:00:00 Current version 2024-04-09T00:00:00 2024-04-09T00:00:00 An external control of file name or path vulnerability [CWE-73] in FortiClientMac's installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. None Execute unauthorized code or commands Fortinet is pleased to thank Tomas Kabrt for reporting this vulnerability under responsible disclosure. FortiClientMac 7.2.3 FortiClientMac 7.2.2 FortiClientMac 7.2.1 FortiClientMac 7.2.0 FortiClientMac 7.0.10 FortiClientMac 7.0.9 FortiClientMac 7.0.8 FortiClientMac 7.0.7 FortiClientMac 7.0.6 CVE-2023-45588 CVE-2024-31492 FortiClientMac-7.2.3 FortiClientMac-7.2.2 FortiClientMac-7.2.1 FortiClientMac-7.2.0 FortiClientMac-7.0.10 FortiClientMac-7.0.9 FortiClientMac-7.0.8 FortiClientMac-7.0.7 FortiClientMac-7.0.6 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-345 Lack of configuration file validation Reference>