Last updated on February 17, 2025 at 12:57 pm

We’re aware of a Cleartext Storage of Sensitive Information vulnerability impacting FortiClient, a remote access solution used by some schools.

The vulnerability impacts users on Windows and Linux devices that have updated FortiClient to version 7 (full list of impacted versions here). If exploited, a local authenticated user could retrieve the FortiClient password via a memory dump.

Please note that the firmware version N4L usually sends to schools and IT providers as part of the FortiClient set-up process (6.0.9) doesn’t seem to be impacted.

If you’re using one of the impacted versions, we recommend that you upgrade FortiClient to the latest firmware using the links below:

  • Windows – https://links.fortinet.com/forticlient/win/vpnagent
  • Linux – https://links.fortinet.com/forticlient/rhel/vpnagent

Note that this is a free version of FortiClient, which doesn’t include an .msi file for bulk provisioning to devices.

If you’re operating version 7, the online installer should remove the old client and upgrade to the latest version while keeping the current configuration.

Click here if you’d like more information.

If you have any problem downloading the file or installing the package, please reach out to us on 0800 532 764.