CVE-2023-45588
Published: 14 March 2025
Summary
CVE-2023-45588 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Fortinet FortiClient. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit-likelihood ranking places it at the 9.2th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): timely patching of the vulnerable FortiClientMac installer versions directly eliminates the external control of file name or path flaw, as recommended in the vendor advisory.
- SI-10 (Information Input Validation): validating the file names and paths the installer uses blocks processing of malicious configuration files that a local attacker has placed in /tmp.
- Restricting the installer to configuration files from trusted locations and sources prevents exploitation via arbitrary, world-writable paths such as /tmp.
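The two validation controls above amount to one rule: a privileged installer must never read configuration from a location a low-privileged user can write to, and it must decide that after resolving the path, not before. The following is an added, illustrative example written for this page; it is not Fortinet's code and says nothing about how the FortiClientMac installer actually loads its configuration. The trusted directory names are placeholders. The example resolves symlinks and `..` before comparing against the trusted roots, then checks ownership and permissions on the already-opened descriptor so the file cannot be swapped between check and use.

```python
"""Illustrative installer-side config path validation (hypothetical example).

Demonstrates the SI-10 style check: refuse any configuration file that is not
under a trusted, non-world-writable directory, regardless of how the path is
spelled (symlinks, '..', /tmp).
"""
import os
import stat

# Hypothetical trusted locations; a real installer would ship its own list.
# Nothing in /tmp or any other world-writable directory is ever accepted.
TRUSTED_CONFIG_DIRS = (
    "/etc/forticlient-example",              # placeholder, not a real Fortinet path
    "/Library/Application Support/Example",  # placeholder
)


def is_under_trusted_dir(candidate: str, trusted_dirs=TRUSTED_CONFIG_DIRS) -> bool:
    """Resolve symlinks and '..' first, then require the result to sit under a trusted root.

    Resolving before comparing defeats spellings such as
    '/etc/forticlient-example/../../tmp/evil.conf' or a symlink that points into /tmp.
    """
    resolved = os.path.realpath(candidate)
    for root in trusted_dirs:
        real_root = os.path.realpath(root)
        try:
            if os.path.commonpath([resolved, real_root]) == real_root:
                return True
        except ValueError:
            # Only raised when the two paths are on different drives (Windows).
            continue
    return False


def is_safe_file_metadata(mode: int, uid: int, expected_uid: int = 0) -> bool:
    """Accept only a regular file, owned by the expected privileged user, that
    neither group nor others can write. A config writable by 'other' is exactly
    what a low-privileged local user could plant in /tmp."""
    if not stat.S_ISREG(mode):
        return False
    if uid != expected_uid:
        return False
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def load_trusted_config(path: str, expected_uid: int = 0) -> bytes:
    """Read the config only if both the path and the file metadata pass.

    The metadata check runs on the opened descriptor (fstat after open with
    O_NOFOLLOW), so the file cannot be replaced between the check and the read.
    """
    if not is_under_trusted_dir(path):
        raise PermissionError(f"refusing config outside trusted directories: {path}")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)
    with os.fdopen(fd, "rb") as f:  # the file object now owns fd
        st = os.fstat(f.fileno())
        if not is_safe_file_metadata(st.st_mode, st.st_uid, expected_uid):
            raise PermissionError(f"refusing config with unsafe ownership/permissions: {path}")
        return f.read()


if __name__ == "__main__":
    # Constructed sample paths; none of these files need to exist for the path check.
    for p in ("/tmp/evil.conf",
              "/etc/forticlient-example/../../tmp/evil.conf",
              "/etc/forticlient-example/client.conf"):
        verdict = "trusted directory" if is_under_trusted_dir(p) else "REJECTED"
        print(f"{p} -> {verdict}")
    print(f"mode 0o100666 owned by uid 0 -> {is_safe_file_metadata(0o100666, 0)}")
```

The ordering matters: `realpath` collapses `..` and follows symlinks so the trusted-root comparison sees the file that would really be opened, and the ownership and mode check is performed on the descriptor returned by `open`, not on a path that could be re-pointed afterwards.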
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local file path control flaw (CWE-73) in the FortiClientMac installer. It allows a low-privileged attacker to place a malicious configuration file in /tmp and obtain arbitrary code or command execution when a user starts the installation, which maps directly to T1068 (Exploitation for Privilege Escalation) and T1059.004 (Unix Shell).
NVD Description
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Deeper analysis
CVE-2023-45588 is an external control of file name or path vulnerability (CWE-73) affecting the FortiClientMac installer in versions 7.2.3 and below, as well as versions 7.0.10 and below. The flaw arises when the installer processes a malicious configuration file placed in the /tmp directory before the installation process starts. The vulnerability has a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H); the high severity reflects the combination of high confidentiality, integrity and availability impact with a changed scope (S:C), meaning the installer's privileges extend the impact beyond the attacker's own security context.
A local attacker with low privileges can exploit this vulnerability by writing a malicious configuration file to /tmp and tricking a user into initiating the FortiClientMac installation process, which requires user interaction. Successful exploitation allows the attacker to execute arbitrary code or commands, potentially leading to high confidentiality, integrity, and availability impacts on the affected system.
The FortiGuard PSIRT advisory (FG-IR-23-345) provides details on this issue, including recommended mitigations and patches, available at https://fortiguard.com/psirt/FG-IR-23-345. The vulnerability was published on 2025-03-14T16:15:27.570.
Details
- CWE(s)