CVE-2024-32122
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
In Fortinet FortiOS versions 7.4.0 to 7.4.8, 7.2, 7.0, and 6.4, passwords are stored in a recoverable format. This allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.
Risk Assessment
The organization is at risk of sensitive data disclosure, which could lead to further attacks and system compromises.
Recommendation
It is recommended to update FortiOS to the latest version and secure the LDAP server configuration to prevent unauthorized modifications.
Original NVD description (English source)
A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

