fkie_nvd - fkie_cve-2024-32122

fkie_cve-2024-32122

Vulnerability from fkie_nvd

Published

2025-04-08 14:15

Modified

2025-11-18 17:15

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-111	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9D516D-E0DB-4A9D-B5AF-1DFFB61C91CD",
              "versionEndIncluding": "6.4.16",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87C0DD6-A590-4E5E-8F63-481E15647BF9",
              "versionEndIncluding": "7.0.17",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2C05DC-760B-4A39-8FC5-F485C28E34DB",
              "versionEndIncluding": "7.2.11",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037301E0-CE52-45FB-8BEB-A09D68EE9985",
              "versionEndIncluding": "7.4.7",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server."
    },
    {
      "lang": "es",
      "value": "El almacenamiento de contrase\u00f1as en un formato recuperable en las versiones 7.2.0 a 7.2.1 de Fortinet FortiOS permite a los atacantes divulgar informaci\u00f3n mediante la modificaci\u00f3n de la IP del servidor LDAP para apuntar a un servidor malicioso."
    }
  ],
  "id": "CVE-2024-32122",
  "lastModified": "2025-11-18T17:15:57.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-08T14:15:31.040",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-111"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-257"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-32122 (GCVE-0-2024-32122)

Vulnerability from cvelistv5

Published

2025-04-08 14:02

Modified

2025-11-18 17:01

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C

CWE

CWE-257 - Information disclosure

Summary

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-111