Unrated severity · NVD Advisory · Published Sep 10, 2024 · Updated Sep 10, 2024

CVE-2022-45856

Description

An improper certificate validation vulnerability [CWE-295] in the SAML SSO feature of FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.

Affected products

  • Fortinet/Forticlient (6 versions)
    • cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* (range: 7.0.3)
    • (no CPE) range: <=6.4; >=7.0.0 <=7.0.7
    • (no CPE) range: 7.2.0
    • (no CPE) range: 7.2.0
    • (no CPE) range: 7.2.0
    • (no CPE) range: 7.0.0
