vulnerability

Fortinet FortiOS: Use of Password Hash With Insufficient Computational Effort (CVE-2024-21754)

Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: Jun 11, 2024
Added: Oct 7, 2024
Modified: Jan 28, 2025

Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions, and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions, may allow a privileged attacker with a super-admin profile and CLI access to decrypt the backup file.

Solution(s)

fortios-upgrade-7_2_9
fortios-upgrade-7_4_4