CVE-2022-45856

Published: Sep 10, 2024Modified: Sep 26, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.

Affected (5)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 5.0 to 7.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.4 to 7.2.5

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.4 to 7.2.5

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.4 to 7.0.8

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 2.0 to 7.0.7

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-22-230

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.