How severe is CVE-2024-31492?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-31492?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-31492

HIGH Year: 2024

CVSS v3 Score

7.8

High

Weakness Type

CWE-73

View all →

Vulnerability Description

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

CVE-2020-15264

HIGH

CVSS:7.8(High)

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged user...

CWE-732020

CVE-2020-1984

HIGH

CVSS:7.8(High)

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system priv...

CWE-732020

CVE-2021-22539

HIGH

CVSS:7.8(High)

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As ...

CWE-732021

CVE-2022-34669

HIGH

CVSS:7.8(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the appl...

CWE-732022