Man-in-the-Middle Security Flaw in Fortinet FortiClient for Android and iOS
CVE-2015-1570

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 10 February 2015

Summary

The Fortinet FortiClient for Android and iOS is affected by a vulnerability in its Endpoint Control protocol implementation that fails to properly validate certificates. This deficiency allows attackers to execute man-in-the-middle attacks, potentially facilitating the spoofing of servers with crafted certificates. As a result, sensitive information transmitted between the client and server may be intercepted and compromised.

References

http://www.security-assessment.com/files/documents/adviso...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Jan/124

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 10, 2015