CVE-2022-45856

CVE Database · CVE-2022-45856

CVE-2022-45856

· MEDIUMAnalyzed

CVSS v3.1

4.8

EPSS

0.23%

Published

Sep 10, 2024

Modified

Sep 26, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-295

Affected Products (5)

fortinet · forticlient (up to 7.2.1)vulnerable

fortinet · forticlient (up to 7.2.5)vulnerable

fortinet · forticlient (up to 7.0.8)vulnerable

fortinet · forticlient (up to 7.0.7)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-22-230

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs