Описание
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:fortinet:forticlient:5.2.3.091:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:forticlient:5.2.028:*:*:*:*:ios:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310