Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature
CVE-2022-45856
5.9 MEDIUM
Key Information:
- Vendor: Fortinet
- CVE Published: 10 September 2024
Summary
An improper certificate validation vulnerability exists in FortiClient products, potentially enabling an unauthenticated attacker to intercept and manipulate SAML SSO communications between FortiClient and both the service provider and the identity provider. This vulnerability affects Windows, Mac, Linux, Android, and iOS builds across multiple versions. Proper certificate validation is critical to preventing man-in-the-middle attacks, which could otherwise lead to unauthorized information disclosure and loss of data integrity.
Affected Version(s)
FortiClientAndroid 7.2.0
FortiClientAndroid 7.0.6 <= 7.0.7
FortiClientAndroid 7.0.2 <= 7.0.3
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged