CVE-2024-35281

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-025	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:forticlient::::::macos::*
	cpe:2.3:a:fortinet:forticlient::::::macos::*
	cpe:2.3:a:fortinet:fortifone_softclient::::::desktop::*

History

19 Nov 2025, 13:35

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fortinet:fortifone_softclient::::::desktop::* cpe:2.3:a:fortinet:forticlient::::::macos::*
First Time		Fortinet forticlient Fortinet fortifone Softclient Fortinet
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-025 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-025 - Vendor Advisory

Information

Published : 2025-05-13 15:15

Updated : 2025-11-19 13:35

NVD link : CVE-2024-35281

Mitre link : CVE-2024-35281

CVE.ORG link : CVE-2024-35281

JSON object : View

Products Affected

fortinet

fortifone_softclient
forticlient

CWE

CWE-653

Improper Isolation or Compartmentalization

{"id": "CVE-2024-35281", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-13T15:15:52.060", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables."}, {"lang": "es", "value": "Una vulnerabilidad de aislamiento o compartimentaci\u00f3n inadecuada [CWE-653] en la aplicaci\u00f3n de escritorio FortiClientMac versi\u00f3n 7.4.2 y anteriores, versi\u00f3n 7.2.8 y anteriores, 7.0 todas las versiones y FortiVoiceUCDesktop 3.0 todas las versiones puede permitir que un atacante autenticado inyecte c\u00f3digo a trav\u00e9s de variables de entorno de Electron."}], "lastModified": "2025-11-19T13:35:35.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "6C849529-C78C-4DE7-B2EA-FFF29FF9972F", "versionEndExcluding": "7.2.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "96EF5BCC-56D3-4218-80A2-085F8B63D83A", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortifone_softclient:*:*:*:*:*:desktop:*:*", "vulnerable": true, "matchCriteriaId": "46C62B51-61BB-43AE-B434-B70DE5415658", "versionEndIncluding": "3.0.16", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}