Main Vulnerability Database Vulnerabilities #VU97118

Cleartext storage of sensitive information in FortiClient (iOS) - CVE-2024-35282

Published: September 10, 2024

Vulnerability identifier: #VU97118

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-35282

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiClient (iOS)

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in memory vulnerability. An attacker with physical access to a jailbroken device to obtain cleartext passwords via keychain dump.

How to mitigate CVE-2024-35282

Install updates from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-139

Cleartext storage of sensitive information in FortiClient (iOS) - CVE-2024-35282

Detailed vulnerability description

How to mitigate CVE-2024-35282

Sources

Please verify you're human