CVE-2024-54019 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
fortinet	CNA	4.4 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:W/RC:C
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-297 - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

Vulnerability Media Exposure

[GERMAN] Fortinet FortiClient Windows: Schwachstelle ermöglicht Manipulation
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiClient Windows ausnutzen, um Daten zu manipulieren.
Published: 2025-06-10T22:00:00+00:00
[GERMAN] Fortinet: Angreifer können VPN-Verbindungen umleiten
Sicherheitsupdates schließen mehrere Schwachstellen in unter anderem FortiADC und FortiOS. Bislang gibt es keine Berichte zu Attacken.
Published: 2025-06-12T09:31:00+00:00

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-365