CVE-2024-54019

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.

Published: Jun 10, 2025
Updated: Jul 26, 2025
CVE: CVE-2024-54019
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-297

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	7.4.0	7.4.0.x
fortinet / forticlient	7.0.0	7.2.7

https://fortiguard.fortinet.com/psirt/FG-IR-24-365

Vulnerability Database

CVE-2024-54019