Detections
Analytics
Fortinet FortiClient Credentials can be dumped from memory (FG-IR-23-278)
medium Nessus Plugin ID 213192
Language:
Synopsis
remote Windows host is missing one or more security-related updates.Description
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-278 advisory.- A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector (CVE-2024-50570)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
For 7.0.x, upgrade to FortiClient version 7.0.14 or later. For 7.2.x, upgrade to FortiClient version 7.2.7 or later. For 7.4.x, upgrade to FortiClient version 7.4.2 or later.See Also
https://www.fortiguard.com/psirt/FG-IR-23-278
Plugin Details
Severity: Medium
ID: 213192
File Name: forticlient_FG-IR-23-278.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 12/18/2024
Updated: 4/22/2025
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 3.7
Temporal Score: 2.7
Vector: CVSS2#AV:L/AC:H/Au:M/C:C/I:N/A:N
CVSS Score Source: CVE-2024-50570
CVSS v3
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:fortinet:forticlient
Required KB Items: Settings/ParanoidReport, installed_sw/FortiClient
Exploit Ease: No known exploits are available
Patch Publication Date: 12/18/2024
Vulnerability Publication Date: 12/18/2024
Reference Information
CVE: CVE-2024-50570
IAVA: 2024-A-0828