6 matches found
CVE-2015-1570
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate...
PT-2024-5391 · Sonicwall · Sonicwall Sma100 +1
Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender versions 10.2.339 and earlier Description: The issue is related to incorrect code generation management in the Enable Client Autoupdate service of the Remote Access End Point Control EPC in SonicWall NetExtender. This ca...
Design/Logic Flaw
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks VPNs to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts...
CVE-2015-1570
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate...
Design/Logic Flaw
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate...