First published: Tue Sep 10 2024
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet Forticlient | >=7.0.0, <7.0.12 | |
Fortinet Forticlient | >=7.0.0, <7.0.12 | |
Fortinet FortiClient Windows | >=7.0.0, <7.0.12 | |
Fortinet FortiClient Windows | >=7.2.0, <7.2.3 | |
Fortinet Forticlient | >=7.2.0, <7.2.5 | |
Fortinet Forticlient | =7.2.0 | |
- Please upgrade to FortiClientMac version 7.2.5 or above
- Please upgrade to FortiClientMac version 7.0.12 or above
- Please upgrade to FortiClientEMS version 7.2.0 or above
- Please upgrade to FortiClientLinux version 7.2.1 or above
- Please upgrade to FortiClientLinux version 7.0.12 or above
- Please upgrade to FortiClientWindows version 7.2.3 or above
- Please upgrade to FortiClientWindows version 7.0.12 or above