CVE Vulnerabilities

CVE-2024-50564

Use of Hard-coded Cryptographic Key

Published: Jan 14, 2025 | Modified: Jun 11, 2025
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.

Weakness

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Affected Software

Name Vendor Start Version End Version
Forticlient Fortinet 6.4.0 (including) 7.2.9 (excluding)
Forticlient Fortinet 7.4.0 (including) 7.4.0 (including)

Potential Mitigations

References