var-201306-0360
Vulnerability from variot
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. The Fortinet FortiClient VPN client is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server. An attacker can exploit this issue to perform man-in-the-middle attacks or impersonate trusted servers, which can aid further attacks. FortiClient, FortiClient Lite and FortiClient SSL VPN are all Fortinet products. FortiClient is a suite of software solutions that provides endpoint security, with features such as IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. FortiClient Lite is free antivirus software that offers malware detection, real-time protection, parental controls, web filtering, and more. FortiClient SSL VPN is a component integrated into FortiClient products that mainly provides virtual private network (VPN) functionality. The following versions are affected: Windows-based FortiClient prior to 4.3.5.472, Mac OS X-based FortiClient prior to 4.0.3.134, Android-based FortiClient prior to 4.0, Windows-based FortiClient Lite prior to 4.3.4.461, Android-based FortiClient Lite 2.0 through 2.0.0223, and Linux-based FortiClient SSL VPN prior to 4.0.2258.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201306-0360", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "forticlient ssl vpn", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "4.0.2012" }, { "model": "forticlient", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "4.3.3.445" }, { "model": "forticlient lite", "scope": "lte", "trust": 
1.0, "vendor": "fortinet", "version": "2.0" }, { "model": "forticlient", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "4.0.2" }, { "model": "forticlient lite", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "4.3.3.445" }, { "model": "forticlient", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.0 (android for )" }, { "model": "forticlient", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.0.3.134 (mac os x for )" }, { "model": "forticlient", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.3.5.472 (windows for )" }, { "model": "forticlient lite", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "2.0 to 2.0.0223 (android for )" }, { "model": "forticlient lite", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.3.4.461 (windows for )" }, { "model": "forticlient ssl vpn", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.0.2258 (linux for )" }, { "model": "forticlient lite", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "2.0" }, { "model": "forticlient", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.3.3.445" }, { "model": "forticlient lite", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.3.3.445" }, { "model": "forticlient ssl vpn", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.0.2012" }, { "model": "forticlient", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.0.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "CNNVD", "id": "CNNVD-201305-079" }, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": 
"cpe:/a:fortinet:forticlient", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fortinet:forticlient_lite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fortinet:forticlient_ssl_vpn", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003119" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cedric Tissieres, Philippe Oechslin", "sources": [ { "db": "BID", "id": "59604" }, { "db": "CNNVD", "id": "CNNVD-201305-079" } ], "trust": 0.9 }, "cve": "CVE-2013-4669", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CVE-2013-4669", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "VHN-64671", "impactScore": 6.9, 
"integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-4669", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-4669", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201305-079", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-64671", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-64671" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "CNNVD", "id": "CNNVD-201305-079" }, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server\u0027s X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. Fortinet FortiClient VPN client is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server. \nAn attacker can exploit this issue to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Fortinet FortiClient, FortiClient Lite and FortiClient SSL VPN are all products of Fortinet. FortiClient is a suite of software solutions that provide security for endpoints, providing features such as IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. 
FortiClient Lite is a free antivirus software that offers malware detection, real-time protection, parental controls, web filtering, and more. FortiClient SSL VPN is an integrated software in FortiClient products, which mainly provides virtual private network technology. Vulnerabilities exist in the following versions: Windows-based FortiClient prior to 4.3.5.472, Mac OS X-based FortiClient prior to 4.0.3.134, Android-based FortiClient prior to 4.0, Windows-based FortiClient Lite 4.3.4.461 Previous versions, FortiClient Lite 2.0 to 2.0.0223 based on the Android platform, versions earlier than FortiClient SSL VPN 4.0.2258 based on the Linux platform", "sources": [ { "db": "NVD", "id": "CVE-2013-4669" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "BID", "id": "59604" }, { "db": "VULHUB", "id": "VHN-64671" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-4669", "trust": 2.5 }, { "db": "BID", "id": "59604", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2013-003119", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201305-079", "trust": 0.7 }, { "db": "FULLDISC", "id": "20130501 FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-64671", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64671" }, { "db": "BID", "id": "59604" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "CNNVD", "id": "CNNVD-201305-079" }, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "id": "VAR-201306-0360", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-64671" } ], "trust": 0.01 }, 
"last_update_date": "2024-11-23T23:05:53.803000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Potential Man-In-The Middle Vulnerability in FortiClient VPN", "trust": 0.8, "url": "http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003119" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-255", "trust": 1.9 }, { "problemtype": "CWE-310", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64671" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/59604" }, { "trust": 1.7, "url": "http://www.fortiguard.com/advisory/potential-man-in-the-middle-vulnerability-in-forticlient-vpn/" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html" }, { "trust": 1.7, "url": "http://objectif-securite.ch/forticlient_bulletin.php" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4669" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4669" }, { "trust": 0.3, "url": "http://www.fortinet.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-64671" }, { "db": "BID", "id": "59604" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "CNNVD", "id": "CNNVD-201305-079" 
}, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-64671" }, { "db": "BID", "id": "59604" }, { "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "db": "CNNVD", "id": "CNNVD-201305-079" }, { "db": "NVD", "id": "CVE-2013-4669" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-06-25T00:00:00", "db": "VULHUB", "id": "VHN-64671" }, { "date": "2013-05-01T00:00:00", "db": "BID", "id": "59604" }, { "date": "2013-06-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "date": "2013-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-079" }, { "date": "2013-06-25T14:38:18.287000", "db": "NVD", "id": "CVE-2013-4669" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-11-04T00:00:00", "db": "VULHUB", "id": "VHN-64671" }, { "date": "2013-05-01T00:00:00", "db": "BID", "id": "59604" }, { "date": "2016-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003119" }, { "date": "2013-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-079" }, { "date": "2024-11-21T01:56:01.707000", "db": "NVD", "id": "CVE-2013-4669" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-079" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural OS Run on FortiClient Vulnerability in which important information is obtained", "sources": [ { "db": 
"JVNDB", "id": "JVNDB-2013-003119" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-079" } ], "trust": 0.6 } }