3 matches found
CVE-2024-50564
CVE-2024-50564 affects Fortinet FortiClientWindows across versions 6.4.x–7.4.0. The issue is a hard-coded cryptographic key used for interprocess communication via a monitored named pipe, which may enable a low-privileged user to decrypt IPC data. The vulnerability is documented as a local issue ...
CVE-2024-50564
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped...
Fortinet FortiClient Hardcoded Encryption Key Used for Named Pipe Communication (FG-IR-24-216)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-216 advisory. - Threat actors can gain access to a plain text encryption key that is saved as part of the FortiClient services executable...