CVE-2013-4669

medium

Fortinet

CVSS v3 Base Score

5.4

AV:N/AC:H/Au:N/C:C/I:N/A:N

EPSS Score

0.2%

Exploitation probability in 30 days

Top 60% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

None

Availability

None

Published: June 25, 2013 (4705 days ago)

Last Modified: April 29, 2026

Vendor: Fortinet

Source: NVD

Description

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.

CWE

CWE-255

Affected Products

fortinet forticlientfortinet forticlient litefortinet forticlient ssl vpn

References

🔗 archives.neohapsis.com 🔗 objectif-securite.ch 🔗 www.fortiguard.com 🔗 www.securityfocus.com 🔗 archives.neohapsis.com

CVE-2013-4669

Vulnerability Report

Description

CWE

Affected Products

References