CVE-2024-31492

Summary

CVE-2024-31492 is a newly identified vulnerability affecting FortiClientMac versions 7.2.3 and below, as well as version 7.0.10 and below installers. This issue involves an external control of file name or path (CWE-73) weakness. An attacker with local access can exploit this vulnerability by crafting a malicious configuration file and placing it in the /tmp directory before the FortiClient installation process begins. Successful exploitation allows the attacker to execute arbitrary codes or commands on the targeted system. This vulnerability poses a significant risk and emphasizes the importance of prompt patching once updates are available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.