CVE-2022-33877

Published: Jun 13, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

Affected (6)

Products: Fortinet: Forticlient, Forticonverter

Fortinet

2 products

Forticlient

Forticonverter

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.4.0 to 6.4.8
Fortinet Forticlient	From 7.0.0 to 7.0.6
Fortinet Forticonverter	From 6.0.0 to 6.0.3
Fortinet Forticonverter	Version 6.2.0
Fortinet Forticonverter	Version 6.2.1
Fortinet Forticonverter	Version 7.0.0

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://fortiguard.com/psirt/FG-IR-22-229

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-229

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.