CVE-2024-21754

LOW EXPLOITED

FortiOS <7.4.3 - Info Disclosure

Title source: llm

Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.

Exploits (1)

nomisec SUSPICIOUS 4 stars

by CyberSecuritist · poc

https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-23-423

Scores

CVSS v3 1.8

EPSS 0.0490

EPSS Percentile 89.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-06-13

CWE

CWE-916

Status published

Products (2)

fortinet/fortios 6.4.0 - 6.4.15

fortinet/fortiproxy 2.0.0 - 2.0.14

Published Jun 11, 2024

Tracked Since Feb 18, 2026