CVE-2024-35282

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
References
Configurations

Configuration 1

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:*

History

20 Sep 2024, 19:44

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:* |
| First Time | | Fortinet forticlient; Fortinet |
| Summary | | (es) A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. |
| References | https://fortiguard.fortinet.com/psirt/FG-IR-24-139 | https://fortiguard.fortinet.com/psirt/FG-IR-24-139 - Vendor Advisory |
| CWE | | CWE-312 |
| CVSS | v2 : unknown, v3 : 4.2 | v2 : unknown, v3 : 4.6 |

10 Sep 2024, 15:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-09-10 15:15

Updated : 2024-09-20 19:44


NVD link : CVE-2024-35282

Mitre link : CVE-2024-35282

CVE.ORG link : CVE-2024-35282


Products Affected

fortinet

  • forticlient
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-316

Cleartext Storage of Sensitive Information in Memory