CVE-2024-54019

Published: Jun 10, 2025Modified: Jul 25, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

Affected (2)

Products: Fortinet: Forticlient

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 7.0.0 to 7.2.7
Fortinet Forticlient	Version 7.4.0

Related CWEs

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-365

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.