var-201502-0039
Vulnerability from variot
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to perform man-in-the-middle attacks, to view encrypted data disclose and obtain sensitive information, which will aid in further attacks. Fortinet FortiClient for iOS is a terminal security solution based on the iOS platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in the Fortinet FortiClient 5.2.028 version based on the iOS platform. The vulnerability is caused by the fact that the program does not verify the certificate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "forticlient",
"scope": "eq",
"trust": 2.4,
"vendor": "fortinet",
"version": "5.2.028"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.28"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.3.091"
}
],
"sources": [
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fortinet:forticlient",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Andzakovic",
"sources": [
{
"db": "BID",
"id": "72377"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-1569",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-79530",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1569",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1569",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79530",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker can exploit these issues to perform man-in-the-middle attacks, to view encrypted data disclose and obtain sensitive information, which will aid in further attacks. Fortinet FortiClient for iOS is a terminal security solution based on the iOS platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in the Fortinet FortiClient 5.2.028 version based on the iOS platform. The vulnerability is caused by the fact that the program does not verify the certificate",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "VULHUB",
"id": "VHN-79530"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1569",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194",
"trust": 0.7
},
{
"db": "BID",
"id": "72377",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-79530",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"id": "VAR-201502-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:08:10.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "FortiClient\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3",
"trust": 0.8,
"url": "http://www.fortinet.co.jp/products/forticlient/top.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.security-assessment.com/files/documents/advisory/fortinet_forticlient_multiple_vulnerabilities.pdf"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2015/jan/124"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1569"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1569"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-79530"
},
{
"date": "2015-01-29T00:00:00",
"db": "BID",
"id": "72377"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"date": "2015-02-10T20:59:04.077000",
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-79530"
},
{
"date": "2015-05-07T17:26:00",
"db": "BID",
"id": "72377"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-194"
},
{
"date": "2024-11-21T02:25:40.600000",
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iOS for Fortinet FortiClient In SSL VPN Vulnerability impersonating a server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.