5.9

CVE-2022-45856

EPSS 0.07%
Veröffentlicht 10.09.2024 15:15:13
Zuletzt bearbeitet 26.09.2024 14:48:14
Quelle psirt@fortinet.com
Teams Watchlist Login
Unerledigt Login

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ FortiClient SwPlatformandroid Version >= 5.0 < 7.2.1

Fortinet ≫ FortiClient SwPlatformlinux Version >= 6.4 < 7.2.5

Fortinet ≫ FortiClient SwPlatformmac_os Version >= 6.4 < 7.2.5

Fortinet ≫ FortiClient SwPlatformwindows Version >= 6.4 < 7.0.8

Fortinet ≫ FortiClient SwPlatformiphone_os Version >= 2.0 < 7.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@fortinet.com	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://fortiguard.fortinet.com/psirt/FG-IR-22-230

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45856

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45856

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45856

EUVD