CVE-2024-31489 MEDIUM

CVE-2024-31489

Vendor Fortinet
Product FortiClientMac
Weakness CWE-295
Published September 10, 2024
Last update September 10, 2024

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated