8.4
CVE-2024-52968
- EPSS 0.05%
- Published 11.02.2025 17:15:23
- Last modified 16.07.2025 15:15:25
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ FortiClient SwPlatformmacos Version >= 7.0.11 < 7.0.13
Fortinet ≫ FortiClient SwPlatformmacos Version >= 7.2.3 < 7.2.5
Fortinet ≫ FortiClient Version7.4.0 SwPlatformmacos
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.13 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.