CVE-2015-1570
Fortinet FortiClient <5.2.3.091-5.2.028 - SSL/TLS Man-In-The-Middle
Title source: llmDescription
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.
References (2)
Core References
Exploit, x_refsource_misc: http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
Exploit, mailing-list, x_refsource_fulldisc: http://seclists.org/fulldisclosure/2015/Jan/124
Scores
EPSS: 0.0013
EPSS Percentile: 32.8%
Details
CWE: CWE-310
Status: published
Products (2)
fortinet/forticlient 5.2.3.091
fortinet/forticlient 5.2.028
Published: Feb 10, 2015
Tracked Since: Feb 18, 2026