CVE-2024-21754 LOW

Vendor Fortinet
Product FortiProxy
Weakness CWE-916
Published June 11, 2024
Last update August 27, 2025

CVSS base score

1.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:F/RL:X/RC:R

What the vulnerability does

01 Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.

Key dates

02 Disclosure timeline

June 11, 2024 CVE published
August 27, 2025 Record updated