CVE Catalog

CVE-2024-32122

LowCVSS 2.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

20th percentile — higher than 20% of all known CVEs

Summary

In Fortinet FortiOS versions 7.4.0 to 7.4.8, 7.2, 7.0, and 6.4, passwords are stored in a recoverable format. This allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.

Risk Assessment

The organization is at risk of sensitive data disclosure, which could lead to further attacks and system compromises.

Recommendation

It is recommended to update FortiOS to the latest version and secure the LDAP server configuration to prevent unauthorized modifications.

Original NVD description (English source)

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS