CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow aprivileged attacker with super-admin profile and CLI access to decrypting the backup file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
fortinetCNA
1.7 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:F/RL:X/RC:R
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
fortinetfortiproxy
2.0.0 ≤
𝑥
≤ 2.0.14
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.18
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.11
fortinetfortiproxy
7.4.0 ≤
𝑥
< 7.4.3
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.15
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.15
fortinetfortios
7.2.0 ≤
𝑥
< 7.2.9
fortinetfortios
7.4.0 ≤
𝑥
< 7.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-23-423
https://fortiguard.fortinet.com/psirt/FG-IR-23-423