CVE-2021-42754

EUVD-2021-29712
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.2 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
fortinetCNA
3.2 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:F/RL:X/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
fortinetforticlient
6.4.0 ≤
𝑥
≤ 6.4.5
fortinetforticlient
7.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/advisory/FG-IR-21-079
https://fortiguard.com/advisory/FG-IR-21-079