{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31489", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-04-04T12:52:41.585Z", "datePublished": "2024-09-10T14:37:48.066Z", "dateUpdated": "2024-09-10T17:52:01.310Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientMac", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.4", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.11", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiClientEMS", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.13", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiClientLinux", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.2.0", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.11", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiClientWindows", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.2", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.11", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-09-10T14:37:48.066Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "forticlientmac", "cpes": ["cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.4", "versionType": "custom"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.11", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "forticlientlinux", "cpes": ["cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.0", "status": "affected"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.11", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "forticlientwindows", "cpes": ["cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.0", "status": "affected", "lessThanOrEqual": "7.2.2", "versionType": "custom"}, {"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.11", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T17:47:00.423144Z", "id": "CVE-2024-31489", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T17:52:01.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31489", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T17:47:00.423144Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:forticlientmac:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "forticlientmac", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.4"}, {"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:forticlientlinux:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "forticlientlinux", "versions": [{"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "forticlientwindows", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "custom", "lessThanOrEqual": "7.2.2"}, {"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T17:51:55.710Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiClientMac", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.4"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiClientEMS", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.13"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiClientLinux", "versions": [{"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiClientWindows", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.2"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientMac version 7.0.12 or above \nPlease upgrade to FortiClientEMS version 7.2.0 or above \nPlease upgrade to FortiClientLinux version 7.2.1 or above \nPlease upgrade to FortiClientLinux version 7.0.12 or above \nPlease upgrade to FortiClientWindows version 7.2.3 or above \nPlease upgrade to FortiClientWindows version 7.0.12 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"}], "descriptions": [{"lang": "en", "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-09-10T14:37:48.066Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31489", "state": "PUBLISHED", "dateUpdated": "2024-09-10T17:52:01.310Z", "dateReserved": "2024-04-04T12:52:41.585Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-09-10T14:37:48.066Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation"}], "id": "CVE-2024-31489", "lastModified": "2024-09-10T15:50:47.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2024-09-10T15:15:15.787", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}