CVE-2024-40592

HIGH

FortiClient MacOS <7.4.0 - Code Injection

Title source: llm

Description

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-24-022

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-347

Status published

Products (2)

fortinet/forticlient 7.4.0

fortinet/forticlient 6.4.0 - 7.2.5

Published Nov 12, 2024

Tracked Since Feb 18, 2026