PT-2015-5358 · Fortinet · Forticlient
Denis Andzakovic
·
Published
2015-02-10
·
Updated
2015-02-11
·
CVE-2015-1569
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiClient version 5.2.028 for iOS
Description
The issue makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate, as it does not validate certificates.
Recommendations
For Fortinet FortiClient version 5.2.028 for iOS, consider disabling SSL VPN connections until a patch is available that properly validates certificates.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forticlient