Unrated severity · NVD Advisory · Published Sep 10, 2024 · Updated Sep 10, 2024
CVE-2022-45856
Description
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
Affected products
- cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* range: 7.0.3
- (no CPE) range: <=6.4; >=7.0.0 <=7.0.7
- (no CPE) range: 7.2.0
- (no CPE) range: 7.2.0
- (no CPE) range: 7.2.0
- (no CPE) range: 7.0.0