Vulnerability Details CVE-2024-40592
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-40592
-
cpe:2.3:a:fortinet:forticlient:6.4.0
-
cpe:2.3:a:fortinet:forticlient:6.4.1
-
cpe:2.3:a:fortinet:forticlient:6.4.10
-
cpe:2.3:a:fortinet:forticlient:6.4.2
-
cpe:2.3:a:fortinet:forticlient:6.4.3
-
cpe:2.3:a:fortinet:forticlient:6.4.4
-
cpe:2.3:a:fortinet:forticlient:6.4.5
-
cpe:2.3:a:fortinet:forticlient:7.0.0
-
cpe:2.3:a:fortinet:forticlient:7.0.1
-
cpe:2.3:a:fortinet:forticlient:7.0.10
-
cpe:2.3:a:fortinet:forticlient:7.0.11
-
cpe:2.3:a:fortinet:forticlient:7.0.12
-
cpe:2.3:a:fortinet:forticlient:7.0.2
-
cpe:2.3:a:fortinet:forticlient:7.0.3
-
cpe:2.3:a:fortinet:forticlient:7.0.4
-
cpe:2.3:a:fortinet:forticlient:7.0.5
-
cpe:2.3:a:fortinet:forticlient:7.0.6
-
cpe:2.3:a:fortinet:forticlient:7.0.7
-
cpe:2.3:a:fortinet:forticlient:7.0.8
-
cpe:2.3:a:fortinet:forticlient:7.0.9
-
cpe:2.3:a:fortinet:forticlient:7.2.0
-
cpe:2.3:a:fortinet:forticlient:7.2.1
-
cpe:2.3:a:fortinet:forticlient:7.2.4
-
cpe:2.3:a:fortinet:forticlient:7.4.0