Page 5 of 22 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Un seguimiento inapropiado de los enlaces simbólicos en FortiClient para Mac versiones 6.4.3 y por debajo, puede permitir a un usuario no privilegiado ejecutar comandos de shell con privilegios arbitrarios durante la fase de instalación This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FortiClient installer. The issue lies in the lack of proper permissions set on log files created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://fortiguard.com/advisory/FG-IR-21-022 https://www.zerodayinitiative.com/advisories/ZDI-22-078 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. El uso de una clave criptográfica embebida para cifrar datos confidenciales de seguridad en el almacenamiento local y la configuración en FortiClient para Windows versiones anteriores a 6.4.0, puede permitir a un atacante con acceso al almacenamiento local o al archivo de copia de seguridad de la configuración descifrar los datos confidenciales mediante el conocimiento de la clave embebida • https://fortiguard.com/psirt/FG-IR-19-194 • CWE-798: Use of Hard-coded Credentials •