IronMonkey Threat Research

CVE-2024-32122 MEDIUM

Published: 2025-04-08 | Last Modified: 2026-06-09 | Status: Modified

Description

A storing passwords in a recoverable format vulnerability in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, and FortiOS 6.4 all versions allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.

Additional Descriptions (1)

Storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attackers to disclose information by modifying the LDAP server IP to point to a malicious server.

CVSS Metrics

Base Score: 4.4 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 3.6

Weaknesses

Source: [email protected]
Type: Secondary
Description: CWE-257 (en)

Affected Products

Vendor Product Version Update Type
fortinet fortios * - Operating System
fortinet fortios * - Operating System
fortinet fortios * - Operating System
fortinet fortios * - Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*