CVE-2024-31489

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

8.1HIGH

EPSS

0.2%

top 52.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientems Fortinet Forticlientlinux +2 more

Timeline

PublishedSep 10

Description

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages5 packages

▶CVEListV5fortinet/forticlientmac7.2.0 — 7.2.4+1

▶CVEListV5fortinet/forticlientlinux7.0.0 — 7.0.11+1

▶CVEListV5fortinet/forticlientwindows7.2.0 — 7.2.2+1

▶NVDfortinet/forticlient7.0.0 — 7.0.12+3

▶CVEListV5fortinet/forticlientems7.0.0 — 7.0.13

🔴Vulnerability Details

CVEList

CVE-2024-31489: AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7↗2024-09-10

▶

GHSA

GHSA-x3xw-jp2m-77mv: AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7↗2024-09-10

▶

📋Vendor Advisories

Fortinet

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0...↗2024-09-10

▶