CVE-2023-45588
Published: 14 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2023-45588 is an external control of file name or path vulnerability (CWE-73) affecting the FortiClientMac installer in versions 7.2.3 and below, as well as versions 7.0.10 and below. The flaw arises when the installer processes a malicious configuration file placed in the /tmp directory prior to the installation process starting. This vulnerability has a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with changed scope.
A local attacker with low privileges can exploit this vulnerability by writing a malicious configuration file to /tmp and tricking a user into initiating the FortiClientMac installation process, which requires user interaction. Successful exploitation allows the attacker to execute arbitrary code or commands, potentially leading to high confidentiality, integrity, and availability impacts on the affected system.
The FortiGuard PSIRT advisory (FG-IR-23-345) provides details on this issue, including recommended mitigations and patches, available at https://fortiguard.com/psirt/FG-IR-23-345. The vulnerability was published on 2025-03-14T16:15:27.570.
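The root cause above is CWE-73: an installer that trusts a configuration file in a shared, world-writable location such as /tmp lets any local user plant or redirect that file. The following is an added defensive example, not FortiClientMac or Fortinet code, showing the ownership and permission checks an installer should apply before consuming a config path; the file names and contents are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path


def is_trusted_config(path: str) -> bool:
    """Return True only if `path` is a regular file that an unprivileged
    local user could not have planted, replaced, or redirected.

    Rejects symlinks (the path could point anywhere), files not owned by
    root or the current effective user, and files writable by group or
    others. Uses lstat so a symlink is judged as a link, not its target.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):          # symlink, directory, fifo, ...
        return False
    if st.st_uid not in (0, os.geteuid()):    # planted by another user
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # others could rewrite it
        return False
    return True


def demo() -> dict:
    """Exercise the check on constructed files in a private temp dir
    (a stand-in for /tmp); returns the verdict for each case."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "installer.conf"         # constructed sample
        good.write_text("key=value\n")
        good.chmod(0o644)
        results["owner_only_writable"] = is_trusted_config(str(good))

        loose = Path(d) / "world_writable.conf"   # anyone could edit this
        loose.write_text("key=value\n")
        loose.chmod(0o666)
        results["world_writable"] = is_trusted_config(str(loose))

        link = Path(d) / "link.conf"              # redirection via symlink
        link.symlink_to(good)
        results["symlink"] = is_trusted_config(str(link))

        results["missing"] = is_trusted_config(str(Path(d) / "absent.conf"))
    return results
```

Only the owner-only-writable file passes; the vendor patch remains the actual fix, since the safer design is to never read installer configuration from a shared directory at all.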
Details
CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local file path control flaw (CWE-73) in the FortiClientMac installer: a low-privileged attacker can place a malicious config in /tmp and achieve arbitrary code or command execution when a user initiates the install. This maps directly to T1068 (Exploitation for Privilege Escalation) and T1059.004 (Unix Shell).