What is the severity of FG-IR-23-278?

The severity of FG-IR-23-278 is classified as medium due to the potential exposure of sensitive information.

How do I fix FG-IR-23-278?

To fix FG-IR-23-278, upgrade FortiClient Windows to version 7.4.2 or later, or FortiClient Linux to version 7.4.3 or later.

Who is affected by FG-IR-23-278?

FG-IR-23-278 affects users of FortiClient Windows and FortiClient Linux versions prior to the specified fixed versions.

What information is at risk in FG-IR-23-278?

FG-IR-23-278 risks exposing VPN passwords stored in cleartext, which could be accessed by local authenticated users.

Is there a workaround for FG-IR-23-278?

Currently, there are no official workarounds for FG-IR-23-278, and users are advised to upgrade to safe versions.

Vulnerability/
FG-IR-23-278

medium

4.9

18/12/2024

23/4/2025

FG-IR-23-278: Credentials can be dumped from memory

First published: Wed Dec 18 2024(Updated: )

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClient Windows and FortiClient Linux may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector

Affected Software	Affected Version	How to fix
Fortinet FortiClient Linux	>=7.4.0<=7.4.2
Fortinet FortiClient Linux	>=7.2.0<=7.2.7
Fortinet FortiClient Linux	>=7.0
Fortinet FortiClient	>=7.4.0<=7.4.1
Fortinet FortiClient	>=7.2.0<=7.2.6
Fortinet FortiClient	>=7.0.0<=7.0.13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-278?
The severity of FG-IR-23-278 is classified as medium due to the potential exposure of sensitive information.
How do I fix FG-IR-23-278?
To fix FG-IR-23-278, upgrade FortiClient Windows to version 7.4.2 or later, or FortiClient Linux to version 7.4.3 or later.
Who is affected by FG-IR-23-278?
FG-IR-23-278 affects users of FortiClient Windows and FortiClient Linux versions prior to the specified fixed versions.
What information is at risk in FG-IR-23-278?
FG-IR-23-278 risks exposing VPN passwords stored in cleartext, which could be accessed by local authenticated users.
Is there a workaround for FG-IR-23-278?
Currently, there are no official workarounds for FG-IR-23-278, and users are advised to upgrade to safe versions.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-50570
agent/source
agent/type
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/title
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/references
agent/description
agent/event
vendor/fortinet
canonical/fortinet forticlient linux
version/fortinet forticlient linux/7.4.0
version/fortinet forticlient linux/7.4.2
version/fortinet forticlient linux/7.2.0
version/fortinet forticlient linux/7.2.7
version/fortinet forticlient linux/7.0
canonical/fortinet forticlient
version/fortinet forticlient/7.4.0
version/fortinet forticlient/7.4.1
version/fortinet forticlient/7.2.0
version/fortinet forticlient/7.2.6
version/fortinet forticlient/7.0.0
version/fortinet forticlient/7.0.13

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.