CVE-2024-21754

LOW EXPLOITED

FortiOS <7.4.3 - Info Disclosure

Title source: llm

Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.

Exploits (1)

nomisec SUSPICIOUS 4 stars
by CyberSecuritist · poc
https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE

Scores

CVSS v3 1.8
EPSS 0.0571
EPSS Percentile 90.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Exploitation Intel

VulnCheck KEV 2024-06-13

Classification

CWE
CWE-916
Status published

Affected Products (2)

fortinet/fortiproxy < 2.0.14
fortinet/fortios < 6.4.15

Timeline

Published Jun 11, 2024
Tracked Since Feb 18, 2026