CVE-2024-50570 - Vulnerability Details

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-23-278

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
Weaknesses		CWE-312
References		https://fortiguard.fortinet.com/psirt/FG-IR-23-278
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50570", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-10-24T11:52:14.402Z", "datePublished": "2024-12-18T12:44:38.644Z", "dateUpdated": "2024-12-18T14:44:04.613Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientMac", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.2", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.7", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.14", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiClientLinux", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.2", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.7", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.13", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiClientWindows", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.13", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-18T12:44:38.644Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-312", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-18T14:30:59.618705Z", "id": "CVE-2024-50570", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:44:04.613Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-50570 (string)

assignerOrgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

state : PUBLISHED (string)

assignerShortName : fortinet (string)

dateReserved : 2024-10-24T11:52:14.402Z (string)

datePublished : 2024-12-18T12:44:38.644Z (string)

dateUpdated : 2024-12-18T14:44:04.613Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

vendor : Fortinet (string)

product : FortiClientMac (string)

cpes : [ *empty* ]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.2 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.7 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.14 (string)

status : affected (string)

}

]

}

1 : { »

vendor : Fortinet (string)

product : FortiClientLinux (string)

cpes : [ *empty* ]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.2 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.7 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.13 (string)

status : affected (string)

}

]

}

2 : { »

vendor : Fortinet (string)

product : FortiClientWindows (string)

cpes : [ *empty* ]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 7.4.0 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.5 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.13 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector (string)

}

]

providerMetadata : { »

orgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

shortName : fortinet (string)

dateUpdated : 2024-12-18T12:44:38.644Z (string)

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-312 (string)

description : Information disclosure (string)

type : CWE (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

version : 3.1 (string)

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Please upgrade to FortiClientLinux version 7.4.3 or above Please upgrade to FortiClientLinux version 7.2.8 or above Please upgrade to FortiClientLinux version 7.0.14 or above Please upgrade to FortiClientWindows version 7.4.2 or above Please upgrade to FortiClientWindows version 7.2.7 or above Please upgrade to FortiClientWindows version 7.0.14 or above (string)

}

]

references : [ »

0 : { »

name : https://fortiguard.fortinet.com/psirt/FG-IR-23-278 (string)

url : https://fortiguard.fortinet.com/psirt/FG-IR-23-278 (string)

}

]

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-312 (string)

lang : en (string)

description : CWE-312 Cleartext Storage of Sensitive Information (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 5 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-12-18T14:30:59.618705Z (string)

id : CVE-2024-50570 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-18T14:44:04.613Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-50570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-18T14:30:59.618705Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:33:12.270Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiClientMac", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.2"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.7"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.14"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiClientLinux", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.2"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.7"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.13"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiClientWindows", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.13"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"}], "descriptions": [{"lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-18T12:44:38.644Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50570", "state": "PUBLISHED", "dateUpdated": "2024-12-18T14:44:04.613Z", "dateReserved": "2024-10-24T11:52:14.402Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-12-18T12:44:38.644Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 5 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-50570 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-12-18T14:30:59.618705Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-312 (string)

description : CWE-312 Cleartext Storage of Sensitive Information (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-18T14:33:12.270Z (string)

}

]

cna : { »

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 4.9 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

cpes : [ *empty* ]

vendor : Fortinet (string)

product : FortiClientMac (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.2 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.7 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.14 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ *empty* ]

vendor : Fortinet (string)

product : FortiClientLinux (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.4.2 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.7 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.13 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

cpes : [ *empty* ]

vendor : Fortinet (string)

product : FortiClientWindows (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.0 (string)

}

1 : { »

status : affected (string)

version : 7.2.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.2.5 (string)

}

2 : { »

status : affected (string)

version : 7.0.0 (string)

versionType : semver (string)

lessThanOrEqual : 7.0.13 (string)

}

]

defaultStatus : unaffected (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Please upgrade to FortiClientLinux version 7.4.3 or above Please upgrade to FortiClientLinux version 7.2.8 or above Please upgrade to FortiClientLinux version 7.0.14 or above Please upgrade to FortiClientWindows version 7.4.2 or above Please upgrade to FortiClientWindows version 7.2.7 or above Please upgrade to FortiClientWindows version 7.0.14 or above (string)

}

]

references : [ »

0 : { »

url : https://fortiguard.fortinet.com/psirt/FG-IR-23-278 (string)

name : https://fortiguard.fortinet.com/psirt/FG-IR-23-278 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-312 (string)

description : Information disclosure (string)

}

]

}

]

providerMetadata : { »

orgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

shortName : fortinet (string)

dateUpdated : 2024-12-18T12:44:38.644Z (string)

}

cveMetadata : { »

cveId : CVE-2024-50570 (string)

state : PUBLISHED (string)

dateUpdated : 2024-12-18T14:44:04.613Z (string)

dateReserved : 2024-10-24T11:52:14.402Z (string)

assignerOrgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

datePublished : 2024-12-18T12:44:38.644Z (string)

assignerShortName : fortinet (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector"}], "id": "CVE-2024-50570", "lastModified": "2024-12-18T15:15:12.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-18T13:15:06.723", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "psirt@fortinet.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector (string)

}

]

id : CVE-2024-50570 (string)

lastModified : 2024-12-18T15:15:12.660 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.6 (number)

impactScore : 4 (number)

source : psirt@fortinet.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.6 (number)

impactScore : 4 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2024-12-18T13:15:06.723 (string)

references : [ »

0 : { »

source : psirt@fortinet.com (string)

url : https://fortiguard.fortinet.com/psirt/FG-IR-23-278 (string)

}

]

sourceIdentifier : psirt@fortinet.com (string)

vulnStatus : Received (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-312 (string)

}

]

source : psirt@fortinet.com (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-312 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object