CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-32122

Medium Severity
SVRS
31/100
CVSSv3
2.3/10
EPSS
0.00014/1

CVE-2024-32122: Fortinet FortiOS stores passwords in a recoverable format, potentially leading to information disclosure. An attacker could modify the LDAP server IP to point to a malicious server, gaining access to sensitive information. With an SVRS of 31, while not critical, CVE-2024-32122 still poses a risk that needs to be addressed. This vulnerability allows for unauthorized access to passwords, which could compromise the entire system. Despite a low CVSS score, the fact that it is tagged "In The Wild" should raise concerns. The ability to retrieve passwords exposes organizations to significant data breaches. It is crucial to apply the necessary patches and security measures to mitigate this risk and protect sensitive user data.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:H
UI:N
S:U
C:L
I:N
A:N
PUBLICATION DATE2025-04-08
LAST MODIFIED2025-04-08
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-32122 describes a vulnerability in Fortinet FortiOS versions 7.2.0 through 7.2.1 where passwords are stored in a recoverable format. This allows an attacker, by modifying the LDAP server IP address to point to a malicious server, to potentially gain unauthorized access to sensitive information through information disclosure. The SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a low risk compared to the CVSS score of 2.3; however, due to the fact the vulnerability is used in the wild, it requires monitoring to ensure the risk remains low for specific use-cases.

Key Insights

  • Recoverable Password Storage: The core issue lies in FortiOS storing passwords in a format that can be recovered. This significantly reduces the effort required for an attacker to compromise accounts, making LDAP authentication a potential weak point.
  • LDAP Server Hijacking: The vulnerability relies on the attacker's ability to redirect LDAP traffic to a malicious server. This suggests weaknesses in input validation, configuration control, or network security that allow for such redirection.
  • In The Wild Exploitation: The vulnerability is actively exploited by hackers, demanding that system administrators take immediate action.

Mitigation Strategies

  1. Upgrade FortiOS: Upgrade to a patched version of FortiOS that resolves the password storage issue. This is the most direct and effective mitigation.
  2. Two-Factor Authentication (2FA): Implement 2FA for all user accounts, particularly those with administrative privileges. This provides an additional layer of security even if passwords are compromised.
  3. Network Segmentation and Monitoring: Implement network segmentation to limit the blast radius of a potential compromise. Monitor network traffic for suspicious LDAP activity, including unauthorized connection attempts or data exfiltration.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Fortinet plugs security holes in several products - heise online
2025-04-09
Fortinet plugs security holes in several products - heise online | News Content: Fortinet has released security updates for numerous products. One of the vulnerabilities is considered a critical risk, while two others have a "high" threat level. Anzeige The most serious is a security gap in Fortiswitches, which allows attackers to change admin passwords with specially prepared requests from the network without authentication (CVE-2024-48887, CVSS 9.3, risk "critical"). The gap is closed by software versions 6.4.15, 7.0.11, 7.2.9, 7.4.5 or 7.6.1 and newer. Fortinet: High-risk gaps In addition, there are insufficient restrictions on desired endpoints in communication channels
google.com
rss
forum
news
CVE-2024-32122 | Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7 storing passwords in a recoverable format (FG-IR-24-111)
vuldb.com2025-04-08
CVE-2024-32122 | Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7 storing passwords in a recoverable format (FG-IR-24-111) | A vulnerability was found in Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to storing passwords in a recoverable format. This vulnerability is handled as CVE-2024-32122. An attack has to be approached locally. There is no
vuldb.com
rss
forum
news

Social Media

CVE-2024-32122 A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server… https://t.co/i3Zfqr3rTF
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
HTTPS://FORTIGUARD.FORTINET.COM/PSIRT/FG-IR-24-111https://fortiguard.fortinet.com/psirt/FG-IR-24-111
[email protected]https://fortiguard.fortinet.com/psirt/FG-IR-24-111

CWE Details

CWE IDCWE NameDescription
CWE-257Storing Passwords in a Recoverable FormatThe storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence