PT-2024-34337 · Fortinet · Forticlientwindows+1

Published: 2024-12-18 · Updated: 2024-12-19 · CVE-2024-50570

CVSS v3.1: 5.0 Medium

Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
FortiClientWindows versions 7.0.0 through 7.0.13
FortiClientWindows versions 7.2.0 through 7.2.6
FortiClientWindows versions 7.4.0 through 7.4.1
FortiClientLinux versions 7.0.0 through 7.0.13
FortiClientLinux versions 7.2.0 through 7.2.7
FortiClientLinux versions 7.4.0 through 7.4.2
Description: A Cleartext Storage of Sensitive Information issue may permit a local authenticated user to retrieve the VPN password via a memory dump, due to JavaScript's garbage collector. This could allow unauthorized access to sensitive information.
Recommendations: Update FortiClientWindows versions 7.0.0 through 7.0.13, 7.2.0 through 7.2.6 and 7.4.0 through 7.4.1, and FortiClientLinux versions 7.0.0 through 7.0.13, 7.2.0 through 7.2.7 and 7.4.0 through 7.4.2, to a version that fixes the Cleartext Storage of Sensitive Information issue. As a temporary workaround, consider disabling JavaScript or restricting access to sensitive information until a patch is available.
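
The description ties the exposure to JavaScript's garbage collector: a password held in a JavaScript string is immutable and cannot be overwritten by the program. The block below is an added example of the general defensive pattern (keep the secret in a typed array and wipe it after use); it is not FortiClient code or the vendor's fix, and the function names, frame layout and transport object are hypothetical.

```javascript
// Added illustration, not FortiClient code. Function names, the frame
// layout and the transport object are hypothetical.

// Overwrite a typed array in place. Strings have no equivalent: they are
// immutable, so a copy stays readable in the heap until the collector
// reclaims it, and the program cannot zero it.
function wipe(bytes) {
  bytes.fill(0);
}

// Build [userLen][user][secretLen][secret] without ever converting the
// secret to a string.
function buildAuthFrame(userName, secretBytes) {
  const user = new TextEncoder().encode(userName); // user name is not secret
  if (user.length > 255 || secretBytes.length > 255) {
    throw new RangeError('field longer than 255 bytes');
  }
  const frame = new Uint8Array(2 + user.length + secretBytes.length);
  frame[0] = user.length;
  frame.set(user, 1);
  frame[1 + user.length] = secretBytes.length;
  frame.set(secretBytes, 2 + user.length);
  return frame;
}

// Send the credentials, then wipe every buffer that held the secret,
// whether or not the transport threw.
function sendCredentials(userName, secretBytes, transport) {
  if (!(secretBytes instanceof Uint8Array)) {
    throw new TypeError('secret must be a Uint8Array; a string cannot be wiped');
  }
  let frame = null;
  try {
    frame = buildAuthFrame(userName, secretBytes);
    return transport.send(frame);
  } finally {
    if (frame) wipe(frame);
    wipe(secretBytes);
  }
}
```

The wipe only covers buffers this code owns; any copy made earlier as a string (for example by an input field or a JSON parser) is outside its reach.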

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2025-03721
CVE-2024-50570

Affected Products

Forticlientlinux
Forticlientwindows