CVE-2024-50564: 
FortiClient vulnerability analysis and mitigation

A use of hard-coded cryptographic key vulnerability (CVE-2024-50564) was discovered in Fortinet FortiClient Windows. The vulnerability affects FortiClient Windows versions 7.4.0, 7.2.x (all versions), 7.0.x (all versions), and 6.4.x (all versions). The issue was initially disclosed on January 14, 2025, and received a CVSS v3.1 base score of 3.3 (Low) (NVD, Fortinet PSIRT).

The vulnerability (CWE-321) involves the use of a hard-coded cryptographic key in the FortiClient Windows application that is used for interprocess communication via named pipes. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating local access requirements, low attack complexity, and low privileges needed (NVD).

The vulnerability may allow a low-privileged user to decrypt interprocess communication by monitoring named pipes, potentially leading to information disclosure. The impact is considered low, affecting only the confidentiality aspect of the system, with no direct impact on integrity or availability (Fortinet PSIRT).

Fortinet has released version 7.4.1 to address this vulnerability. Users running affected versions are advised to upgrade to FortiClient 7.4.1 or above. For users running older versions (7.2.x, 7.0.x, and 6.4.x), Fortinet recommends migrating to a fixed release (Fortinet PSIRT).

The vulnerability was initially reported by Pentera Labs' security researcher Nir Chako, who confirmed that version 7.4.1 successfully prevents the exploitation techniques. The vulnerability disclosure was scheduled for a formal advisory update on December 10's Patch Tuesday (Register).