CVE-2024-32122

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

CVSS v3 2.3 LOW

2.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-111	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

History

18 Nov 2025, 17:15

Type	Values Removed	Values Added
Summary	(en) A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.	(en) A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

18 Jul 2025, 14:23

Type	Values Removed	Values Added
Summary		(es) El almacenamiento de contraseñas en un formato recuperable en las versiones 7.2.0 a 7.2.1 de Fortinet FortiOS permite a los atacantes divulgar información mediante la modificación de la IP del servidor LDAP para apuntar a un servidor malicioso.
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-111 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-111 - Vendor Advisory
CPE		cpe:2.3:o:fortinet:fortios::::::::
First Time		Fortinet Fortinet fortios

08 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 14:15

Updated : 2025-11-18 17:15

NVD link : CVE-2024-32122

Mitre link : CVE-2024-32122

CVE.ORG link : CVE-2024-32122

JSON object : View

Products Affected

fortinet

fortios

CWE

CWE-257

Storing Passwords in a Recoverable Format

{"id": "CVE-2024-32122", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2025-04-08T14:15:31.040", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-111", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-257"}]}], "descriptions": [{"lang": "en", "value": "A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server."}, {"lang": "es", "value": "El almacenamiento de contrase\u00f1as en un formato recuperable en las versiones 7.2.0 a 7.2.1 de Fortinet FortiOS permite a los atacantes divulgar informaci\u00f3n mediante la modificaci\u00f3n de la IP del servidor LDAP para apuntar a un servidor malicioso."}], "lastModified": "2025-11-18T17:15:57.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB9D516D-E0DB-4A9D-B5AF-1DFFB61C91CD", "versionEndIncluding": "6.4.16", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E87C0DD6-A590-4E5E-8F63-481E15647BF9", "versionEndIncluding": "7.0.17", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E2C05DC-760B-4A39-8FC5-F485C28E34DB", "versionEndIncluding": "7.2.11", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "037301E0-CE52-45FB-8BEB-A09D68EE9985", "versionEndIncluding": "7.4.7", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}