Vulnerabilites related to Fortinet - FortiClientAndroid
cve-2022-45856
Vulnerability from cvelistv5
Published
2024-09-10 14:37
Modified
2024-09-10 19:01
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C
Summary
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.
References
https://fortiguard.fortinet.com/psirt/FG-IR-22-230
Impacted products
Vendor Product Version
Fortinet FortiClientiOS Version: 7.0.3    7.0.6
Version: 7.0.0    7.0.1
Version: 6.0.0    6.0.1
Version: 5.6.5    5.6.6
Version: 5.6.0    5.6.1
Version: 5.4.3    5.4.4
Version: 5.4.0    5.4.1
Version: 5.2.0    5.2.3
Version: 5.0.0    5.0.3
Version: 4.0.0    4.0.2
Version: 2.0.0    2.0.1
    cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
   Fortinet FortiClientAndroid Version: 7.2.0
Version: 7.0.6    7.0.7
Version: 7.0.2    7.0.3
Version: 7.0.0
Version: 6.4.6
Version: 6.4.4
Version: 6.4.1
Version: 6.0.0
Version: 5.6.0
Version: 5.4.0    5.4.2
Version: 5.2.0    5.2.8
Version: 5.0.0    5.0.3
 Create a notification for this product.
   Fortinet FortiClientMac Version: 7.2.0    7.2.4
Version: 7.0.0    7.0.13
Version: 6.4.0    6.4.10
 Create a notification for this product.
   Fortinet FortiClientLinux Version: 7.2.0    7.2.4
Version: 7.0.0    7.0.13
Version: 6.4.7    6.4.9
Version: 6.4.0    6.4.4
 Create a notification for this product.
   Fortinet FortiClientWindows Version: 7.0.0    7.0.7
Version: 6.4.0    6.4.10
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45856",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:01:07.692905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:01:23.813Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiClientiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.6",
              "status": "affected",
              "version": "5.6.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.1",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.4",
              "status": "affected",
              "version": "5.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.3",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.3",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.1",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientAndroid",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.2",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "6.4.6"
            },
            {
              "status": "affected",
              "version": "6.4.4"
            },
            {
              "status": "affected",
              "version": "6.4.1"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "5.6.0"
            },
            {
              "lessThanOrEqual": "5.4.2",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.3",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientMac",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientLinux",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.9",
              "status": "affected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientWindows",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:37:48.663Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-45856",
    "datePublished": "2024-09-10T14:37:48.663Z",
    "dateReserved": "2022-11-23T14:57:05.612Z",
    "dateUpdated": "2024-09-10T19:01:23.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}