PT-2024-13254 · Fortinet · Forticlientmac
Published: 2023-10-09 · Updated: 2025-07-15
CVE-2023-45588
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FortiClientMac versions 7.2.3 and below
FortiClientMac version 7.0.10 and below installer
Description:
A local attacker can execute arbitrary code or commands by writing a malicious configuration file to /tmp before the installation process starts. The root cause is an external control of file name or path vulnerability.
Recommendations:
For FortiClientMac versions 7.2.3 and below, update to a version above 7.2.3 to resolve the issue.
For FortiClientMac version 7.0.10 and below installer, update the installer to a version above 7.0.10 to mitigate the risk.
As a temporary workaround, consider restricting write access to the /tmp directory to prevent malicious configuration files from being written.
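The weakness class described above, seen from the defender's side, as an added example that is not Fortinet's code: an installer that stages a configuration file should create it in a private directory and refuse to read any staged file that another local user could have planted or modified. The function names and the file name install.conf are hypothetical; the advisory does not name the file the installer reads.

```python
import os
import stat
import tempfile


class UntrustedConfig(Exception):
    """Raised when a staged file could have been planted or altered by another user."""


def read_trusted_config(path, trusted_uids=None):
    """Return the file's bytes only if no other local user could have written it."""
    if trusted_uids is None:
        trusted_uids = {0, os.geteuid()}  # root and the installing user
    # O_NOFOLLOW rejects a symlink planted at the final path component;
    # O_NONBLOCK keeps a planted FIFO from hanging the open() call.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise UntrustedConfig(f"cannot open {path} safely: {exc}") from exc
    try:
        # fstat() inspects the opened file, not the name, so the file
        # cannot be swapped between the check and the read.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedConfig("not a regular file")
        if st.st_uid not in trusted_uids:
            raise UntrustedConfig(f"owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedConfig("writable by group or others")
        with os.fdopen(fd, "rb", closefd=False) as fh:
            return fh.read()
    finally:
        os.close(fd)


def stage_config(data):
    """Stage data in a fresh private directory instead of a fixed name under /tmp."""
    # mkdtemp() creates the directory with mode 0700 and an unpredictable name.
    workdir = tempfile.mkdtemp(prefix="installer-")
    path = os.path.join(workdir, "install.conf")  # hypothetical file name
    # O_EXCL fails if the name already exists, so a pre-created file is never reused.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```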
Affected Products
Forticlientmac