CVE Database · CVE-2021-42754
CVSS v3.1
3.2
EPSS
0.41%
Published
Nov 2, 2021
Modified
Nov 21, 2024
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:NWeaknesses (CWE)
References (2)