FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks
CVE-2024-31489
8.1HIGH
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 10 September 2024
What is CVE-2024-31489?
An improper certificate validation vulnerability in Fortinet's FortiClient software allows remote, unauthenticated attackers to exploit the communication channel between FortiGate and FortiClient during ZTNA tunnel creation. This flaw can potentially enable a Man-in-the-Middle attack, where attackers could intercept and manipulate data in transit, compromising the integrity and confidentiality of sensitive information exchanged during secure connections.
Affected Version(s)
FortiClientEMS 7.0.0 <= 7.0.13
FortiClientLinux 7.2.0
FortiClientLinux 7.0.0 <= 7.0.11