CVE-2015-1570: Fortinet Forticlient vulnerability

CWE-310 | 3 documents | 3 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 66.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 10
Latest update: May 17

Description

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD | fortinet/forticlient | 5.2.028, 5.2.3.091 +1

Vulnerability Details (2)

GHSA: GHSA-6r2q-685v-m7vm: The Endpoint Control protocol implementation in Fortinet FortiClient 5 (2022-05-17)
CVEList: CVE-2015-1570: The Endpoint Control protocol implementation in Fortinet FortiClient 5 (2015-02-10)