CVE-2023-22635

HIGH

Fortinet Forticlient < 5.6.6 - Download Without Integrity Check

Title source: rule

Description

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-22-481

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-494

Status published

Products (1)

fortinet/forticlient 4.0.0 - 5.6.6

Published Apr 11, 2023

Tracked Since Feb 18, 2026