CVE-2022-45856 — Improper Certificate Validation in Fortinet Forticlient
Severity
5.9 MEDIUM (NVD)
4.8 (CNA)
EPSS
0.2%
top 59.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 10
Description
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication b…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 6 packages
Vulnerability Details: 2
Vendor Advisories: 1
Fortinet (2024-09-10): An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...