VAR-201502-0039
Vulnerability from variot - Updated: 2023-12-18 12:30
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to perform man-in-the-middle attacks, to view encrypted data, and to disclose and obtain sensitive information, which will aid in further attacks. Fortinet FortiClient for iOS is an endpoint security solution for the iOS platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in Fortinet FortiClient version 5.2.028 for iOS. The vulnerability exists because the program does not verify the certificate.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "forticlient",
"scope": "eq",
"trust": 2.4,
"vendor": "fortinet",
"version": "5.2.028"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.28"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.3.091"
}
],
"sources": [
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:forticlient:5.2.028:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Andzakovic",
"sources": [
{
"db": "BID",
"id": "72377"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-1569",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-79530",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1569",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79530",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker can exploit these issues to perform man-in-the-middle attacks, to view encrypted data disclose and obtain sensitive information, which will aid in further attacks. Fortinet FortiClient for iOS is a terminal security solution based on the iOS platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in the Fortinet FortiClient 5.2.028 version based on the iOS platform. The vulnerability is caused by the fact that the program does not verify the certificate",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "VULHUB",
"id": "VHN-79530"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1569",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194",
"trust": 0.7
},
{
"db": "BID",
"id": "72377",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-79530",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"id": "VAR-201502-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:30:23.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "FortiClient\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3",
"trust": 0.8,
"url": "http://www.fortinet.co.jp/products/forticlient/top.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.security-assessment.com/files/documents/advisory/fortinet_forticlient_multiple_vulnerabilities.pdf"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2015/jan/124"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1569"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1569"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-79530"
},
{
"db": "BID",
"id": "72377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-79530"
},
{
"date": "2015-01-29T00:00:00",
"db": "BID",
"id": "72377"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"date": "2015-02-10T20:59:04.077000",
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-79530"
},
{
"date": "2015-05-07T17:26:00",
"db": "BID",
"id": "72377"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001473"
},
{
"date": "2015-02-11T19:44:15.410000",
"db": "NVD",
"id": "CVE-2015-1569"
},
{
"date": "2015-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iOS for Fortinet FortiClient In SSL VPN Vulnerability impersonating a server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-194"
}
],
"trust": 0.6
}
}