CVE-2024-31489

Published: Sep 10, 2024Modified: Sep 20, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

Affected (6)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 7.0.0 to 7.0.12
Fortinet Forticlient	From 7.0.0 to 7.0.12
Fortinet Forticlient	From 7.2.0 to 7.2.5
Fortinet Forticlient	From 7.0.0 to 7.0.12
Fortinet Forticlient	From 7.2.0 to 7.2.3
Fortinet Forticlient	Version 7.2.0

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-22-282

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.