An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-21-079 | Vendor Advisory |
| https://fortiguard.com/advisory/FG-IR-21-079 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/advisory/FG-IR-21-079 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 3.2 |
04 Nov 2021, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.0 |
| References | (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-079 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:macos:*:* cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:* |
|
| CWE | CWE-94 |
02 Nov 2021, 19:36
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-11-02 19:15
Updated : 2024-11-21 06:28
NVD link : CVE-2021-42754
Mitre link : CVE-2021-42754
CVE.ORG link : CVE-2021-42754
JSON object : View
Products Affected
fortinet
- forticlient
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')