Back

CVE-2022-45856

Sept. 10, 2024, 3:50 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

FortiClientWindows

  • 6.4
  • 7.0.0 - 7.0.7

FortiClientMac

  • 6.4
  • 7.0
  • 7.2.0 - 7.2.4

FortiClientLinux

  • 6.4
  • 7.0
  • 7.2.0 - 7.2.4

FortiClientAndroid

  • 6.4
  • 7.0
  • 7.2.0

FortiClientiOS

  • 5.6
  • 6.0.0 - 6.0.1
  • 7.0.0 - 7.0.6

Source

psirt@fortinet.com

Tags

CWE-295
psirt@fortinet.com
2024-09-10
CVE-2022-45856

CVE-2022-45856 details

Published : Sept. 10, 2024, 3:15 p.m.
Last Modified : Sept. 10, 2024, 3:50 p.m.

Description

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.

CVSS Score

1 2 3 4.8 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-295 Improper Certificate Validation The product does not validate, or incorrectly validates, a certificate.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.8

Exploitability Score

2.2

Impact Score

2.5

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

URL Source
https://fortiguard.fortinet.com/psirt/FG-IR-22-230 psirt@fortinet.com
This website uses the NVD API, but is not approved or certified by it.