Vulnerability in Fortinet FortiClient

CVE-2015-1570

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (33.0th percentile)

Affected products

Weakness classification (CWE)

References