CVE-2024-35282: Information disclosure in Fortinet FortiClientiOS
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
AI Analysis
Technical Summary
CVE-2024-35282 is a vulnerability in Fortinet's FortiClient VPN application for iOS, affecting all versions from 6.0.0 through 7.2.0. The flaw is the cleartext storage of sensitive information, specifically VPN passwords, in device memory, where it is exposed through the iOS keychain. An attacker with physical access to a jailbroken iOS device can dump the keychain and retrieve these credentials in cleartext without any authentication or user interaction. The vulnerability is classified under CWE-316 (Cleartext Storage of Sensitive Information in Memory). The CVSS v3.1 base score is 3.9, a low severity, primarily because exploitation requires both physical access and a jailbroken device, which limits the attack vector to local physical access. The flaw affects confidentiality by exposing credentials but does not affect the integrity or availability of the system. No public exploits or active exploitation in the wild have been reported. The affected range spans multiple FortiClient iOS releases, indicating a longstanding issue. Since no patch links are currently available, mitigation relies on device management and security best practices. FortiClient is widely used for VPN access in enterprise environments, so this vulnerability is relevant to organizations that rely on Fortinet's mobile VPN solutions.
Potential Impact
The primary impact of CVE-2024-35282 is the disclosure of VPN credentials stored in cleartext in the memory of jailbroken iOS devices. For European organizations, this could lead to unauthorized access to corporate VPNs if an attacker gains physical access to an employee's compromised device. The risk is higher where mobile device management (MDM) policies do not prevent or detect jailbreaking, or where devices are used in high-risk physical environments. A confidentiality breach could expose internal network access and sensitive communications, and a stolen VPN credential could be a starting point for lateral movement within corporate networks. However, the requirement for physical access to a jailbroken device limits the scope and likelihood of exploitation. The vulnerability does not affect system integrity or availability, so direct disruption of services is unlikely. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, may face compliance consequences if credential compromise leads to a data breach. The absence of known exploits reduces the immediate risk but does not remove the need for vigilance.
Mitigation Recommendations
1. Enforce strict mobile device management (MDM) policies that prohibit jailbreaking and detect jailbroken devices to prevent vulnerable devices from accessing corporate resources.
2. Educate users about the risks of jailbreaking and the importance of maintaining device integrity.
3. Restrict physical access to devices, especially in high-risk environments, to reduce the chance of unauthorized access.
4. Monitor VPN access logs for unusual activity that could indicate credential compromise.
5. Implement multi-factor authentication (MFA) for VPN access to mitigate the impact of credential disclosure.
6. Regularly review and update FortiClient iOS versions and apply patches promptly once available from Fortinet.
7. Consider using additional encryption or secure enclave features where possible to protect sensitive data in memory.
8. Conduct periodic security audits of mobile devices to ensure compliance with security policies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: fortinet
- Date Reserved: 2024-05-14T21:15:19.191Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696762bf8330e06716573507
Added to database: 1/14/2026, 9:32:47 AM
Last enriched: 1/14/2026, 9:47:32 AM
Last updated: 2/6/2026, 5:46:38 AM