Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7 password recoverable

Summaryinfo

A vulnerability categorized as problematic has been discovered in Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7. Impacted is an unknown function. Such manipulation leads to password recoverable. This vulnerability is documented as CVE-2024-32122. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Fortinet FortiOS up to 6.4.16/7.0.17/7.2.11/7.4.7 and classified as problematic. Affected by this issue is an unknown functionality. The manipulation with an unknown input leads to a password recoverable vulnerability. Using CWE to declare the problem leads to CWE-257. The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. Impacted is confidentiality. CVE summarizes:

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

The advisory is shared for download at fortiguard.fortinet.com. This vulnerability is handled as CVE-2024-32122 since 04/11/2024. The exploitation is known to be easy. The attack needs to be approached locally. The exploitation needs additional levels of successful authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1552.

The vulnerability scanner Nessus provides a plugin with the ID 234006 (Fortinet Fortigate LDAP Clear-text credentials retrievable with IP modification (FG-IR-24-111)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (234006) and EUVD (EUVD-2024-29943). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Fortinet

Name

• FortiOS

Version

• 6.4.0
• 6.4.1
• 6.4.2
• 6.4.3
• 6.4.4
• 6.4.5
• 6.4.6
• 6.4.7
• 6.4.8
• 6.4.9
• 6.4.10
• 6.4.11
• 6.4.12
• 6.4.13
• 6.4.14
• 6.4.15
• 6.4.16
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.0.11
• 7.0.12
• 7.0.13
• 7.0.14
• 7.0.15
• 7.0.16
• 7.0.17
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.5
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.9
• 7.2.10
• 7.2.11
• 7.4.0
• 7.4.1
• 7.4.2
• 7.4.3
• 7.4.4
• 7.4.5
• 7.4.6
• 7.4.7

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion