Main Vulnerability Database Vulnerabilities #VU107313

Improper authentication in FortiClient (macOS) - CVE-2024-52968

Published: April 9, 2025

Vulnerability identifier: #VU107313

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-52968

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiClient (macOS)

Detailed vulnerability description

The vulnerability allows an attacker to bypass authentication.

The vulnerability exists due to missing authentication in FortiMonitor Agent. An attacker with physical access to device can login to the system without a password as a standard user.

How to mitigate CVE-2024-52968

Install updates from vendor's website.

Sources

https://fortiguard.fortinet.com/psirt/FG-IR-24-300

Improper authentication in FortiClient (macOS) - CVE-2024-52968

Detailed vulnerability description

How to mitigate CVE-2024-52968

Sources

Please verify you're human