Search criteria
4 vulnerabilities found for FortiClientiOS by Fortinet
CVE-2022-45856 (GCVE-0-2022-45856)
Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
VLAI
Summary
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Information disclosure
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientiOS |
Affected:
7.0.3 , ≤ 7.0.6
(semver)
Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.0.0 , ≤ 6.0.1 (semver) Affected: 5.6.5 , ≤ 5.6.6 (semver) Affected: 5.6.0 , ≤ 5.6.1 (semver) Affected: 5.4.3 , ≤ 5.4.4 (semver) Affected: 5.4.0 , ≤ 5.4.1 (semver) Affected: 5.2.0 , ≤ 5.2.3 (semver) Affected: 5.0.0 , ≤ 5.0.3 (semver) Affected: 4.0.0 , ≤ 4.0.2 (semver) Affected: 2.0.0 , ≤ 2.0.1 (semver) cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiClientAndroid |
Affected:
7.2.0
Affected: 7.0.6 , ≤ 7.0.7 (semver) Affected: 7.0.2 , ≤ 7.0.3 (semver) Affected: 7.0.0 Affected: 6.4.6 Affected: 6.4.4 Affected: 6.4.1 Affected: 6.0.0 Affected: 5.6.0 Affected: 5.4.0 , ≤ 5.4.2 (semver) Affected: 5.2.0 , ≤ 5.2.8 (semver) Affected: 5.0.0 , ≤ 5.0.3 (semver) |
|
| Fortinet | FortiClientMac |
Affected:
7.2.0 , ≤ 7.2.4
(semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) |
|
| Fortinet | FortiClientLinux |
Affected:
7.2.0 , ≤ 7.2.4
(semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver) Affected: 6.4.7 , ≤ 6.4.9 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) |
|
| Fortinet | FortiClientWindows |
Affected:
7.0.0 , ≤ 7.0.7
(semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:01:07.692905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:01:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.6",
"status": "affected",
"version": "5.6.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "5.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "5.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.3",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientAndroid",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.4.6"
},
{
"status": "affected",
"version": "6.4.4"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.6.0"
},
{
"lessThanOrEqual": "5.4.2",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:37:48.663Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45856",
"datePublished": "2024-09-10T14:37:48.663Z",
"dateReserved": "2022-11-23T14:57:05.612Z",
"dateUpdated": "2024-09-10T19:01:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35282 (GCVE-0-2024-35282)
Vulnerability from cvelistv5 – Published: 2024-09-10 14:37 – Updated: 2026-01-14 09:18
VLAI
Summary
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-316 - Information disclosure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientiOS |
Affected:
7.2.0 , ≤ 7.2.5
(semver)
Affected: 7.0.3 , ≤ 7.0.9 (semver) Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.4.2 , ≤ 6.4.6 (semver) Affected: 6.4.0 Affected: 6.2.1 , ≤ 6.2.4 (semver) Affected: 6.0.0 , ≤ 6.0.5 (semver) cpe:2.3:a:fortinet:forticlientios:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:32:37.826003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T17:32:49.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.6",
"status": "affected",
"version": "6.4.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "6.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.5",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:24.786Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientiOS version 7.4.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-35282",
"datePublished": "2024-09-10T14:37:46.189Z",
"dateReserved": "2024-05-14T21:15:19.191Z",
"dateUpdated": "2026-01-14T09:18:24.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45856 (GCVE-0-2022-45856)
Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2024-09-10 19:01
VLAI
Summary
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Information disclosure
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientiOS |
Affected:
7.0.3 , ≤ 7.0.6
(semver)
Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.0.0 , ≤ 6.0.1 (semver) Affected: 5.6.5 , ≤ 5.6.6 (semver) Affected: 5.6.0 , ≤ 5.6.1 (semver) Affected: 5.4.3 , ≤ 5.4.4 (semver) Affected: 5.4.0 , ≤ 5.4.1 (semver) Affected: 5.2.0 , ≤ 5.2.3 (semver) Affected: 5.0.0 , ≤ 5.0.3 (semver) Affected: 4.0.0 , ≤ 4.0.2 (semver) Affected: 2.0.0 , ≤ 2.0.1 (semver) cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiClientAndroid |
Affected:
7.2.0
Affected: 7.0.6 , ≤ 7.0.7 (semver) Affected: 7.0.2 , ≤ 7.0.3 (semver) Affected: 7.0.0 Affected: 6.4.6 Affected: 6.4.4 Affected: 6.4.1 Affected: 6.0.0 Affected: 5.6.0 Affected: 5.4.0 , ≤ 5.4.2 (semver) Affected: 5.2.0 , ≤ 5.2.8 (semver) Affected: 5.0.0 , ≤ 5.0.3 (semver) |
|
| Fortinet | FortiClientMac |
Affected:
7.2.0 , ≤ 7.2.4
(semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) |
|
| Fortinet | FortiClientLinux |
Affected:
7.2.0 , ≤ 7.2.4
(semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver) Affected: 6.4.7 , ≤ 6.4.9 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) |
|
| Fortinet | FortiClientWindows |
Affected:
7.0.0 , ≤ 7.0.7
(semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:01:07.692905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:01:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:2.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.6",
"status": "affected",
"version": "5.6.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "5.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.4",
"status": "affected",
"version": "5.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.3",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientAndroid",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.4.6"
},
{
"status": "affected",
"version": "6.4.4"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.6.0"
},
{
"lessThanOrEqual": "5.4.2",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to\u00a0man-in-the-middle the communication between the FortiClient and\u00a0 both the service provider and the identity provider."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:37:48.663Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-230"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientAndroid version 7.2.1 or above \nPlease upgrade to FortiClientiOS version 7.0.7 or above \nPlease upgrade to FortiClientMac version 7.4.0 or above \nPlease upgrade to FortiClientMac version 7.2.5 or above \nPlease upgrade to FortiClientLinux version 7.4.0 or above \nPlease upgrade to FortiClientLinux version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.2.0 or above \nPlease upgrade to FortiClientWindows version 7.0.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-45856",
"datePublished": "2024-09-10T14:37:48.663Z",
"dateReserved": "2022-11-23T14:57:05.612Z",
"dateUpdated": "2024-09-10T19:01:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35282 (GCVE-0-2024-35282)
Vulnerability from nvd – Published: 2024-09-10 14:37 – Updated: 2026-01-14 09:18
VLAI
Summary
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-316 - Information disclosure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientiOS |
Affected:
7.2.0 , ≤ 7.2.5
(semver)
Affected: 7.0.3 , ≤ 7.0.9 (semver) Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.4.2 , ≤ 6.4.6 (semver) Affected: 6.4.0 Affected: 6.2.1 , ≤ 6.2.4 (semver) Affected: 6.0.0 , ≤ 6.0.5 (semver) cpe:2.3:a:fortinet:forticlientios:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:32:37.826003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T17:32:49.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientios:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.6",
"status": "affected",
"version": "6.4.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "6.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.5",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:24.786Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientiOS version 7.4.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-35282",
"datePublished": "2024-09-10T14:37:46.189Z",
"dateReserved": "2024-05-14T21:15:19.191Z",
"dateUpdated": "2026-01-14T09:18:24.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}