FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks
CVE-2024-31489
8.1HIGH
Key Information
- Vendor
- Fortinet
- Status
- Forticlientmac
- Forticlientems
- Forticlientlinux
- Forticlientwindows
- Vendor
- CVE Published:
- 10 September 2024
Summary
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
Affected Version(s)
FortiClientMac <= 7.2.4
FortiClientMac <= 7.0.11
FortiClientEMS <= 7.0.13
Refferences
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database