CVE Database · CVE-2024-21754
CVSS v3.1
1.8
EPSS
3.47%
Published
Jun 11, 2024
Modified
Nov 21, 2024
Public PoC / Exploit (1)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Weaknesses (CWE)
Affected Products (8)
References (2)