CVE-2024-32122

Summary

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.8affected
FortinetFortiOS7.2.0 <= 7.2.12affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiOS6.4.0 <= 6.4.16affected

Weaknesses

  • CWE-257: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References