CVE Vulnerabilities

CVE-2015-1570

Published: Feb 10, 2015 | Modified: Feb 11, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected Software

Name Vendor Start Version End Version
Forticlient Fortinet 5.2.028 5.2.028
Forticlient Fortinet 5.2.3.091 5.2.3.091

References