A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via a memory dump, due to JavaScript's garbage collector.
Fixes

Solution

Please upgrade to FortiClientLinux version 7.4.3 or above.
Please upgrade to FortiClientLinux version 7.2.8 or above.
Please upgrade to FortiClientLinux version 7.0.14 or above.
Please upgrade to FortiClientWindows version 7.4.2 or above.
Please upgrade to FortiClientWindows version 7.2.7 or above.
Please upgrade to FortiClientWindows version 7.0.14 or above.


Workaround

No workaround given by the vendor.

History

Thu, 24 Jul 2025 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Fortinet forticlient |
| CPEs | | cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:* |
| | | cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:* |
| Vendors & Products | | Fortinet forticlient |

Mon, 14 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss {'score': 8e-05} | epss {'score': 9e-05} |

Wed, 18 Dec 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 18 Dec 2024 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector |
| Weaknesses | | CWE-312 |
| References | | |
| Metrics | | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X'} |

MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-08-27T21:29:14.762Z

Reserved: 2024-10-24T11:52:14.402Z

Link: CVE-2024-50570

Vulnrichment

Updated: 2024-12-18T14:33:12.270Z

NVD

Status: Analyzed

Published: 2024-12-18T13:15:06.723

Modified: 2025-07-24T19:02:14.427

Link: CVE-2024-50570

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T16:01:29Z