CVE-2024-54019

CVE Database · CVE-2024-54019

CVE-2024-54019

· MEDIUMAnalyzed

CVSS v3.1

4.8

EPSS

0.14%

Published

Jun 10, 2025

Modified

Jul 25, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-297

Affected Products (2)

fortinet · forticlient (up to 7.2.7)vulnerable

fortinet · forticlientvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-365

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs