CVE-2023-29175

MEDIUM Year: 2023
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.

Related Vulnerabilities

CVE-2017-2387

MEDIUM
CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017

CVE-2017-6142

MEDIUM
CVSS:4.8(Medium)

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus...

CWE-2952017

CVE-2018-0334

MEDIUM
CVSS:4.8(Medium)

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could a...

CWE-2952018

CVE-2019-3875

MEDIUM
CVSS:4.8(Medium)

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided i...

CWE-2952019

CVE-2020-10059

MEDIUM
CVSS:4.8(Medium)

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DT...

CWE-2952020

CVE-2020-2252

MEDIUM
CVSS:4.8(Medium)

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CWE-2952020