CVE-2013-4669 — Fortinet Forticlient vulnerability

CWE-255 CWE-3103 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 59.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlient Lite Fortinet Forticlient SSL VPN

Timeline

PublishedJun 25

Latest updateMay 17

Description

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certif…

CVSS vector

AV:N/AC:H/C:C/I:N/A:NExploitability: 4.9 | Impact: 6.9

Affected Packages3 packages

▶NVDfortinet/forticlient_lite4.3.3.445+1

▶NVDfortinet/forticlient4.3.3.445+1

▶NVDfortinet/forticlient_ssl_vpn4.0.2012

🔴Vulnerability Details

GHSA

GHSA-hrj7-5rgf-5c7r: FortiClient before 4↗2022-05-17

▶

CVEList

CVE-2013-4669: FortiClient before 4↗2013-06-25

▶