Improper Validation of Certificate with Host Mismatch

CVE-2024-54019

Medium

4.8/10

Summary

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-297 - Improper Validation of Certificate with Host Mismatch

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

References

Advisory Timeline

Published Jun 10, 2025

Improper Validation of Certificate with Host Mismatch

CVE-2024-54019

Summary

CWE-297 - Improper Validation of Certificate with Host Mismatch

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS