CVE-2024-50570
published 2024-12-18CVE-2024-50570: A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and…
medium5CVSS 3.1
AVLACHPRHUIRSCCHINAN
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlient | >= 7.0.0 < 7.0.14 | 7.0.14 |
| fortinet | forticlient | >= 7.0.0 < 7.2.8 | 7.2.8 |
| fortinet | forticlient | >= 7.2.0 < 7.2.7 | 7.2.7 |
| fortinet | forticlient | >= 7.4.0 < 7.4.2 | 7.4.2 |
| fortinet | forticlient | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | forticlientlinux | — | — |
| fortinet | forticlientlinux | 7.0.0 – 7.0.13 | — |
| fortinet | forticlientlinux | 7.2.0 – 7.2.7 | — |
| fortinet | forticlientlinux | 7.4.0 – 7.4.2 | — |
| fortinet | forticlientmac | 7.0.0 – 7.0.14 | — |
| fortinet | forticlientmac | 7.2.0 – 7.2.7 | — |
| fortinet | forticlientmac | 7.4.0 – 7.4.2 | — |
| fortinet | forticlientwindows | — | — |
| fortinet | forticlientwindows | — | — |
| fortinet | forticlientwindows | 7.0.0 – 7.0.13 | — |
| fortinet | forticlientwindows | 7.2.0 – 7.2.5 | — |
CVSS provenance
nvdv3.15.0MEDIUMCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
vulncheck5.0MEDIUM