CVE-2013-4669
5.4
Vector
AV:N/AC:H/Au:N/C:C/I:N/A:N
Exploitability: 4.9 / Impact: 6.9
Source: NVD
Description
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
Affected (5)
Products: Fortinet: Forticlient, Forticlient Lite, Forticlient Ssl Vpn
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.3.445 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.3.445 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0.2012 |
| Running on/with | Platform Versions |
|---|---|
Linux Linux Kernel | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0.2 |
| Running on/with | Platform Versions |
|---|---|
Apple Mac Os X | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.0 |
| Running on/with | Platform Versions |
|---|---|
Google Android | All versions |
Related CWEs
References (8)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.