Unrated severityNVD Advisory· Published Sep 10, 2024· Updated Sep 10, 2024

CVE-2024-31489

Description

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

Affected products

Fortinet/Forticlientemsv5
Range: 7.0.0
Fortinet/FortiClientLinuxv5
Range: 7.2.0
Fortinet/FortiClientMacv5
Range: 7.2.0
Fortinet/FortiClientWindowsv5
Range: 7.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-22-282mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000