Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1570

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1570
Last Modified 11 Feb 2015 02:35:06
Published 10 Feb 2015 03:59:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1570

Summary

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.

Vulnerable Systems

Application

  • Fortinet Forticlient 5.2.028

  • Fortinet Forticlient 5.2.3.091


References

MISC - http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf

FULLDISC - 20150129 Fortinet FortiClient Multiple Vulnerabilities


Last Updated: 27 May 2016 11:07:47