CVE-2024-35282

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-139	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:*

History

20 Sep 2024, 19:44

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fortinet:forticlient::::::iphone_os::*
CVSS	v2 : ~~unknown~~ v3 : ~~4.2~~	v2 : unknown v3 : 4.6
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-139 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-139 - Vendor Advisory
CWE		CWE-312
First Time		Fortinet Fortinet forticlient
Summary		(es) Una vulnerabilidad de almacenamiento de texto plano de información confidencial en la memoria [CWE-316] que afecta a FortiClient VPN iOS 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, 6.0 todas las versiones puede permitir que un atacante no autenticado que tenga acceso físico a un dispositivo con jailbreak obtenga contraseñas en texto plano a través de un volcado de llavero.

10 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 15:15

Updated : 2024-09-20 19:44

NVD link : CVE-2024-35282

Mitre link : CVE-2024-35282

CVE.ORG link : CVE-2024-35282

JSON object : View

Products Affected

fortinet

forticlient

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-316

Cleartext Storage of Sensitive Information in Memory

{"id": "CVE-2024-35282", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2024-09-10T15:15:16.397", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-316"}]}], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de texto plano de informaci\u00f3n confidencial en la memoria [CWE-316] que afecta a FortiClient VPN iOS 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, 6.0 todas las versiones puede permitir que un atacante no autenticado que tenga acceso f\u00edsico a un dispositivo con jailbreak obtenga contrase\u00f1as en texto plano a trav\u00e9s de un volcado de llavero."}], "lastModified": "2024-09-20T19:44:17.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "E4C7743A-14D7-4DB0-A1CF-520D8A3E582B", "versionEndIncluding": "7.2.5", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}