{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22635", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-01-05T10:06:31.521Z", "datePublished": "2023-04-11T16:05:35.785Z", "dateUpdated": "2024-10-23T14:30:57.422Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientMac", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.7", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.10", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.9", "status": "affected"}, {"versionType": "semver", "version": "6.0.1", "lessThanOrEqual": "6.0.10", "status": "affected"}, {"versionType": "semver", "version": "5.6.5", "lessThanOrEqual": "5.6.6", "status": "affected"}, {"version": "5.6.3", "status": "affected"}, {"versionType": "semver", "version": "5.6.0", "lessThanOrEqual": "5.6.1", "status": "affected"}, {"versionType": "semver", "version": "5.4.0", "lessThanOrEqual": "5.4.4", "status": "affected"}, {"versionType": "semver", "version": "5.2.0", "lessThanOrEqual": "5.2.6", "status": "affected"}, {"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.10", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions,  6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-04-11T16:05:35.785Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-494", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to\u00a0\u00a0FortiClientMac version 7.0.8 or above.\r\nPlease upgrade to\u00a0\u00a0FortiClientMac version 7.2.0\u00a0or above."}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-481", "url": "https://fortiguard.com/psirt/FG-IR-22-481"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.410Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-481", "url": "https://fortiguard.com/psirt/FG-IR-22-481", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:11:26.445933Z", "id": "CVE-2023-22635", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:30:57.422Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-481", "name": "https://fortiguard.com/psirt/FG-IR-22-481", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.410Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22635", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:11:26.445933Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:15:06.039Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiClientMac", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.7"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.10"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.9"}, {"status": "affected", "version": "6.0.1", "versionType": "semver", "lessThanOrEqual": "6.0.10"}, {"status": "affected", "version": "5.6.5", "versionType": "semver", "lessThanOrEqual": "5.6.6"}, {"status": "affected", "version": "5.6.3"}, {"status": "affected", "version": "5.6.0", "versionType": "semver", "lessThanOrEqual": "5.6.1"}, {"status": "affected", "version": "5.4.0", "versionType": "semver", "lessThanOrEqual": "5.4.4"}, {"status": "affected", "version": "5.2.0", "versionType": "semver", "lessThanOrEqual": "5.2.6"}, {"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.10"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to\u00a0\u00a0FortiClientMac version 7.0.8 or above.\r\nPlease upgrade to\u00a0\u00a0FortiClientMac version 7.2.0\u00a0or above."}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-481", "name": "https://fortiguard.com/psirt/FG-IR-22-481"}], "descriptions": [{"lang": "en", "value": "A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions,  6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-04-11T16:05:35.785Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22635", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:30:57.422Z", "dateReserved": "2023-01-05T10:06:31.521Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-04-11T16:05:35.785Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "matchCriteriaId": "9042C015-3FBF-43C0-9E0A-10C761AF1B68", "versionEndIncluding": "5.6.6", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "matchCriteriaId": "38117A67-11E8-4928-8450-E9B85265747A", "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", "matchCriteriaId": "C1EA50D1-71A4-4687-B921-54B66A1E1BBF", "versionEndExcluding": "7.0.8", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions,  6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade."}], "id": "CVE-2023-22635", "lastModified": "2024-11-21T07:45:05.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-11T17:15:08.043", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-481"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-481"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-494"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}