Description
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/124
Scores
EPSS
0.0013
EPSS Percentile
32.8%
Details
CWE
CWE-310
Status
published
Products (1)
fortinet/forticlient
5.2.028
Published
Feb 10, 2015
Tracked Since
Feb 18, 2026