CVE-2024-35281 — LOW (2.5) — White Hats Nepal

Q: How severe is CVE-2024-35281?

CVE-2024-35281 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-35281?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient, Fortinet Fortifone Softclient.

Vulnerability Description

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

CVSS Score

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Fortinet	Forticlient	>= 7.0.0, < 7.2.9
Fortinet	Fortifone Softclient	>= 3.0.0, <= 3.0.16

Related Weaknesses (CWE)

CWE-653

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-025Vendor Advisory

FAQ

What is CVE-2024-35281?

CVE-2024-35281 is a vulnerability with a CVSS score of 2.5 (LOW). An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desk...

How severe is CVE-2024-35281?

CVE-2024-35281 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-35281?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient, Fortinet Fortifone Softclient.