Summaryinfo

A vulnerability marked as critical has been reported in Fortinet FortiClient 5.2.028. This issue affects some unknown processing of the component Certificates. This manipulation causes cryptographic issue. This vulnerability is registered as CVE-2015-1569. No exploit is available.

Detailsinfo

A vulnerability has been found in Fortinet FortiClient 5.2.028 and classified as critical. Affected by this vulnerability is an unknown code of the component Certificates. The manipulation with an unknown input leads to a cryptographic issue vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect integrity. The summary by CVE is:

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.

The weakness was published 02/10/2015 (Website). It is possible to read the advisory at security-assessment.com. This vulnerability is known as CVE-2015-1569 since 02/10/2015. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at VDB-73834 and VDB-74156. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Fortinet

Name

• FortiClient

Version

• 5.2.028

License

• free

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion