CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.

Published: Jun 11, 2024
Updated: May 4, 2025
CVE: CVE-2024-21754
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-916

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	7.4.0	7.4.3
fortinet / fortios	6.4.0	6.4.15.x
fortinet / fortiproxy	2.0.0	2.0.14.x
fortinet / fortios	7.4.0	7.4.4
fortinet / fortios	7.2.0	7.2.9
fortinet / fortios	7.0.0	7.0.15.x
fortinet / fortiproxy	7.2.0	7.2.11.x
fortinet / fortiproxy	7.0.0	7.0.18.x

https://fortiguard.fortinet.com/psirt/FG-IR-23-423

Vulnerability Database

289,784

CVE-2024-21754