PT-2024-9824 · Fortinet · FortiClient VPN

Published: 2024-09-10 · Updated: 2024-09-20 · CVE-2024-35282

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FortiClient VPN iOS versions 6.0 through 7.2
Description: A cleartext storage of sensitive information in memory issue may allow an unauthenticated attacker with physical access to a jailbroken device to obtain cleartext passwords via keychain dump. This issue is related to the storage of confidential information in unencrypted form in memory, which can be exploited to gain unauthorized access to protected information.
Recommendations: For FortiClient VPN iOS versions 6.0 through 7.2, consider disabling the keychain dump functionality as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation, especially on jailbroken devices.

Fix

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related Identifiers

BDU:2024-11600
CVE-2024-35282

Affected Products

FortiClient VPN