CVE-2024-54019

Summary

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientWindows7.4.0affected
FortinetFortiClientWindows7.2.0 <= 7.2.6affected
FortinetFortiClientWindows7.0.0 <= 7.0.14affected

Weaknesses

  • CWE-297: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References