#VU111049 Improper validation of certificate with host mismatch in Fortinet FortiClient for Windows - CVE-2024-54019
Published: June 11, 2025
Vulnerability identifier: #VU111049
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-54019
CWE-ID: CWE-297
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Fortinet FortiClient for Windows
Software vendor:
Fortinet, Inc
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper validation of a certificate with a host mismatch. An unauthorized attacker can redirect VPN connections via DNS spoofing or another form of redirection.
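The host-match check that CWE-297 refers to, as an added example that is not code from this advisory or from Fortinet: a client must compare the host name it was configured to reach against the names in the presented certificate, in addition to validating the chain. The function names, the `check_host` switch and all host names are assumptions constructed for illustration.

```python
# Added illustration of the CWE-297 check; not Fortinet code.
# All host names used with these functions are constructed sample values.

def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against the expected host (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # A wildcard must be the whole left-most label, stands for exactly
        # one label, and needs two literal labels after it (no "*.example").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "v*.corp.example" are rejected outright.
    return "*" not in pattern and p == h

def peer_identity_ok(expected_host: str, san_dns_names: list[str]) -> bool:
    """True only if the certificate names the host the user configured."""
    return any(san_matches(s, expected_host) for s in san_dns_names)

def accept_connection(chain_trusted: bool, expected_host: str,
                      san_dns_names: list[str], check_host: bool = True) -> bool:
    """Model of the client's decision; check_host=False models the CWE-297 flaw."""
    if not chain_trusted:
        return False
    if not check_host:
        # Flawed path: any certificate with a trusted chain is accepted,
        # so a redirected connection to another host still succeeds.
        return True
    return peer_identity_ok(expected_host, san_dns_names)

if __name__ == "__main__":
    configured = "vpn.corp.example"        # host the user configured
    presented = ["gateway.other.example"]  # trusted chain, different host
    print("flawed client accepts:", accept_connection(True, configured, presented, check_host=False))
    print("fixed client accepts: ", accept_connection(True, configured, presented))
```
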
Remediation
Install the update from the vendor's website.