CVE-2024-54019

Published Jun 10, 2025

Last updated 9 months ago

CVSS medium 4.8

Overview

Description: A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.
Source: psirt@fortinet.com
NVD status: Analyzed
Products: forticlient

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-297

Hype score: Not currently trending

CVE-2024-54019 A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unau… https://t.co/KbL4R5lxnG
@CVEnew
10 Jun 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "matchCriteriaId": "443F610D-2C24-4952-9493-07B7BCCC514F",
            "versionEndExcluding": "7.2.7",
            "versionStartIncluding": "7.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
            "matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References