Unrated severityNVD Advisory· Published Jun 25, 2013· Updated Apr 29, 2026

CVE-2013-4669

Description

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.

Affected products

Fortinet/Forticlient
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*
Range: <=4.3.3.445
Fortinet/Forticlient Lite
cpe:2.3:a:fortinet:forticlient_lite:*:*:*:*:*:*:*:*
Range: <=4.3.3.445
Fortinet/Forticlient Ssl Vpn
cpe:2.3:a:fortinet:forticlient_ssl_vpn:*:*:*:*:*:*:*:*
Range: <=4.0.2012

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000