A high-severity path traversal vulnerability has been identified in the Fortinet FortiDLP Agent for MacOS. This flaw could allow an unauthenticated attacker to access, modify, or delete files outside of the intended directories on an affected system, potentially leading to sensitive data exposure or a full system compromise. Organizations are strongly advised to apply the vendor-supplied security patches immediately to mitigate this risk.

The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal (CWE-22). It exists within the Outlookproxy plugin of the Fortinet FortiDLP Agent. The application fails to properly validate or sanitize user-supplied input that is used to construct file paths. A remote or local attacker could craft a malicious input containing "dot-dot-slash" (../) sequences to navigate the file system and access or manipulate files and directories outside the restricted folder, using the permissions of the FortiDLP agent process.

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation poses a significant risk to the confidentiality, integrity, and availability of the affected macOS endpoint. An attacker could potentially read sensitive corporate data, modify critical application or system files to enable further compromise, or delete essential data, leading to operational disruption. Given that FortiDLP is a security product, its compromise could undermine the organization's overall security posture and lead to a serious data breach.

Immediate Action: Apply vendor security updates immediately. Fortinet has released patches to address this vulnerability, and system administrators should prioritize their deployment across all affected macOS endpoints. After patching, monitor for any signs of post-exploitation activity and review file access logs for suspicious behavior preceding the update.

Proactive Monitoring: Security teams should monitor for indicators of compromise, including unusual file access patterns originating from the FortiDLP agent process. Specifically, review application and system logs for any file path inputs containing traversal sequences like ../. Endpoint Detection and Response (EDR) solutions should be configured to alert on unexpected file modifications or deletions in sensitive system directories.

Compensating Controls: If immediate patching is not feasible, organizations should consider implementing compensating controls. This includes applying stricter file permissions and access control lists (ACLs) to limit the FortiDLP agent's ability to write to critical directories. Additionally, ensure endpoint security solutions are in place to detect and block anomalous file system activity.

Public Exploit Available: false

Given the high severity rating (CVSS 7.8) and the potential for complete system compromise, immediate remediation is critical. We strongly recommend that all organizations using the affected Fortinet FortiDLP Agent on MacOS prioritize the deployment of the vendor-provided patches. Although this CVE is not currently listed on the CISA KEV list, its presence in a security product makes it a high-value target. Proactive patching is the most effective defense against potential future exploitation.