Sign-up

ID

VAR-201502-0039


CVE

CVE-2015-1569


TITLE

iOS for Fortinet FortiClient In SSL VPN Vulnerability impersonating a server

Trust: 0.8

sources: JVNDB: JVNDB-2015-001473

DESCRIPTION

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Fortinet FortiClient is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to perform man-in-the-middle attacks, to view encrypted data disclose and obtain sensitive information, which will aid in further attacks. Fortinet FortiClient for iOS is a terminal security solution based on the iOS platform from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in the Fortinet FortiClient 5.2.028 version based on the iOS platform. The vulnerability is caused by the fact that the program does not verify the certificate

Trust: 1.98

sources: NVD: CVE-2015-1569 // JVNDB: JVNDB-2015-001473 // BID: 72377 // VULHUB: VHN-79530

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:eqversion:5.2.028

Trust: 2.4

vendor:fortinetmodel:forticlientscope:eqversion:5.2.28

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.091

Trust: 0.3

sources: BID: 72377 // JVNDB: JVNDB-2015-001473 // CNNVD: CNNVD-201502-194 // NVD: CVE-2015-1569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1569
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1569
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-79530
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1569
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79530
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79530 // JVNDB: JVNDB-2015-001473 // CNNVD: CNNVD-201502-194 // NVD: CVE-2015-1569

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-79530 // JVNDB: JVNDB-2015-001473 // NVD: CVE-2015-1569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-194

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201502-194

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001473

PATCH
title:Top Pageurl:http://www.fortinet.com/
Trust: 0.8
title:FortiClientエンドポイントセキュリティurl:http://www.fortinet.co.jp/products/forticlient/top.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001473

EXTERNAL IDS
db:NVDid:CVE-2015-1569
Trust: 2.8
db:JVNDBid:JVNDB-2015-001473
Trust: 0.8
db:CNNVDid:CNNVD-201502-194
Trust: 0.7
db:BIDid:72377
Trust: 0.3
db:VULHUBid:VHN-79530
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79530 // 
            
            
            
            BID: 72377 // 
            
            
            
            JVNDB: JVNDB-2015-001473 // 
            
            
            
            CNNVD: CNNVD-201502-194 // 
            
            
            
            NVD: CVE-2015-1569

REFERENCES
url:http://www.security-assessment.com/files/documents/advisory/fortinet_forticlient_multiple_vulnerabilities.pdf
Trust: 2.5
url:http://seclists.org/fulldisclosure/2015/jan/124
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1569
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1569
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-79530 // 
            
            
            
            BID: 72377 // 
            
            
            
            JVNDB: JVNDB-2015-001473 // 
            
            
            
            CNNVD: CNNVD-201502-194 // 
            
            
            
            NVD: CVE-2015-1569

CREDITS
Denis Andzakovic
Trust: 0.3
sources:
            
            
            BID: 72377

SOURCES
db:VULHUBid:VHN-79530
db:BIDid:72377
db:JVNDBid:JVNDB-2015-001473
db:CNNVDid:CNNVD-201502-194
db:NVDid:CVE-2015-1569

LAST UPDATE DATE
2024-11-23T22:08:10.157000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-79530date:2015-02-11T00:00:00
db:BIDid:72377date:2015-05-07T17:26:00
db:JVNDBid:JVNDB-2015-001473date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-194date:2015-02-11T00:00:00
db:NVDid:CVE-2015-1569date:2024-11-21T02:25:40.600

SOURCES RELEASE DATE
db:VULHUBid:VHN-79530date:2015-02-10T00:00:00
db:BIDid:72377date:2015-01-29T00:00:00
db:JVNDBid:JVNDB-2015-001473date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-194date:2015-02-11T00:00:00
db:NVDid:CVE-2015-1569date:2015-02-10T20:59:04.077