CVE-2024-54019

CWE-297 | 4 documents | 4 sources
Severity: 6.5 MEDIUM
EPSS: 0.1% (top 73.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 10

Description

An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientwindows | 7.2.0 | 7.2.6 | +2
NVD | fortinet/forticlient | 7.0.0 | 7.2.7 | +1

🔴 Vulnerability Details (2)

GHSA
GHSA-6xmj-596p-g7g7: An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7 | 2025-06-10
CVEList
CVE-2024-54019: An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7 | 2025-06-10

📋 Vendor Advisories (1)

Fortinet
An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 thr... | 2025-06-10