Main Vulnerability Database Vulnerabilities #VU100575

#VU100575 Unprotected storage of credentials in Fortinet FortiClient for Windows

Published: November 18, 2024

Vulnerability identifier: #VU100575

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: N/A

CWE-ID: CWE-256

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Fortinet FortiClient for Windows

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a local user to gain access to VPN client credentials.

The vulnerability exists due to application stores user's VPN credentials in plain text in memory after establishing the VPN connection. A local user or a malicious application can retrieve these credentials from the process memory and use them later to connect to the Fortinet VPN server.

Note, the vulnerability is being actively exploited in the wild by the DEEPDATA malware.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

#VU100575 Unprotected storage of credentials in Fortinet FortiClient for Windows

Description

Remediation

External links

Please verify you're human