CVE-2024-31489
published 2024-09-10
high 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlient | — | — |
| fortinet | forticlient | >= 7.0.0 < 7.0.12 | 7.0.12 |
| fortinet | forticlient | >= 7.2.0 < 7.2.3 | 7.2.3 |
| fortinet | forticlient | >= 7.2.0 < 7.2.5 | 7.2.5 |
| fortinet | forticlientems | 7.0.0 – 7.0.13 | — |
| fortinet | forticlientlinux | — | — |
| fortinet | forticlientlinux | — | — |
| fortinet | forticlientlinux | 7.0.0 – 7.0.11 | — |
| fortinet | forticlientmac | — | — |
| fortinet | forticlientmac | 7.0.0 – 7.0.11 | — |
| fortinet | forticlientmac | 7.2.0 – 7.2.4 | — |
| fortinet | forticlientwindows | — | — |
| fortinet | forticlientwindows | 7.0.0 – 7.0.11 | — |
| fortinet | forticlientwindows | 7.2.0 – 7.2.2 | — |
| fortinet | fortigate | — | — |