Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-45856

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.

Published

2024-09-10T15:15:13.823

Last Modified

2024-09-26T14:48:14.810

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	forticlient	< 7.2.1	Yes
Application	fortinet	forticlient	< 7.2.5	Yes
Application	fortinet	forticlient	< 7.2.5	Yes
Application	fortinet	forticlient	< 7.0.8	Yes
Application	fortinet	forticlient	< 7.0.7	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-22-230 Vendor Advisory ([email protected])