### [CVE-2024-31492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31492)
![](https://img.shields.io/static/v1?label=Product&message=FortiClientMac&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%3D%207.2.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)

### Description

An external control of file name or path vulnerability [CWE-73] in  FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds