CVE-2022-45856
CVSS V2 None
CVSS V3 None
Description
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
Overview
- CVE ID
- CVE-2022-45856
- Assigner
- fortinet
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-10T14:37:48.663Z
- Last Modified Date
- 2024-09-10T19:01:23.813Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-22-230 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-45856 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45856 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-11 12:03:42 | Added to TrackCVE |