CVE-2024-21754
LOW | EXPLOITED
FortiProxy 2.0.0-2.0.13 and FortiOS 6.4.0-6.4.14 - Use of Password Hash With Insufficient Computational Effort
Title source: llm
Exploitation Summary
CVE-2024-21754 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including CyberSecuritist.
AI-analyzed exploit summary
The repository claims to provide an exploit for CVE-2024-21754 but lacks actual exploit code, instead directing users to an external download link. The README contains vague descriptions and no technical details about the vulnerability or exploit mechanics.
Description
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.
Scores
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N