MEDIUM · 5.4

CVE-2013-4669

Vulnerability Description

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:C/I:N/A:N
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Fortinet | Forticlient | <= 4.3.3.445
Microsoft | Windows | All versions
Fortinet | Forticlient Lite | <= 4.3.3.445
Fortinet | Forticlient Ssl Vpn | <= 4.0.2012
Linux | Linux Kernel | All versions
Apple | Mac Os X | All versions
Google | Android | All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-4669?

CVE-2013-4669 is a vulnerability with a CVSS score of 5.4 (MEDIUM). FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and Fo...

How severe is CVE-2013-4669?

CVE-2013-4669 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-4669?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient, Microsoft Windows, Fortinet Forticlient Lite, Fortinet Forticlient Ssl Vpn, Linux Linux Kernel.