PT-2022-21879 · Fortinet · FortiTray+1
Published: 2022-11-02 · Updated: 2023-08-08 · CVE-2022-33878
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiClient for Mac versions 7.0.0 through 7.0.5
Description
The issue allows a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal, potentially exposing sensitive information to unauthorized actors.
Recommendations
For FortiClient for Mac versions 7.0.0 through 7.0.5, consider restricting access to the terminal to minimize the risk of exploitation, and avoid running a logstream for the FortiTray process until a fix is available.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
FortiClient
FortiTray