CPE Details
Fortinet FortiClient 7.0.10 for macOS
7.0.10
2025-01-21
13h02 +00:00
13h02 +00:00
2025-01-21
13h02 +00:00
13h02 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:fortinet:forticlient:7.0.10:*:*:*:*:macos:*:*
Informations
Vendor
fortinetProduct
forticlientVersion
7.0.10Target Software
macosRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. | 7.5 |
High |
||
| AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation | 8.1 |
High |
||
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 7.6 |
High |
||
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 8.2 |
High |
2025©
tesweb SA
