PT-2024-4152 · Fortinet · FortiOS, FortiProxy

Published: 2024-06-11 · Updated: 2024-10-04 · CVE-2024-21754

CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiOS versions prior to 7.4.4
FortiOS version 7.2 and earlier
FortiOS version 7.0 and earlier
FortiOS version 6.4 and earlier
FortiProxy versions prior to 7.4.3
FortiProxy version 7.2 and earlier
FortiProxy version 7.0 and earlier
FortiProxy version 2.0 and earlier
Description

The issue is a use of a password hash with insufficient computational effort: the hash that protects the configuration backup file is cheap enough to compute that the password can be brute-forced offline far faster than a properly stretched hash would allow. A privileged attacker with the super-admin profile and CLI access can obtain the encrypted backup and decrypt it, exposing the sensitive data it contains (for example credentials and keys stored in the configuration). Because the attacker must already hold super-admin CLI access (AV:L, PR:H) and only confidentiality is affected (C:H/I:N/A:N), the severity is rated Medium.
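The weakness class behind this advisory, shown as an added example that is not Fortinet's code and does not reproduce the real FortiOS or FortiProxy backup format or key derivation. The backup format, the sample configuration text, the password list and the function names below are all constructed for illustration. The example derives a backup-encryption key from a password two ways: with a single unsalted SHA-256 round (the CWE-916 pattern) and with PBKDF2-HMAC-SHA256 at a high iteration count, then runs the same offline dictionary attack against both to show that the weak scheme gives an attacker holding only the file a verification oracle that costs almost nothing per guess:

```python
"""CWE-916 illustration: password-derived backup encryption with a weak
versus a stretched key derivation.  Constructed example; the file layout
(salt | nonce | ciphertext | tag) is an assumption, not Fortinet's format."""
import hashlib
import hmac
import os
import struct
import time

# Constructed sample backup contents (not a real device configuration).
SAMPLE_CONFIG = (
    b"#config-version=7.4.3\n"
    b"config system global\n    set hostname FGT-LAB\nend\n"
)


def weak_kdf(password: bytes, salt: bytes) -> bytes:
    """One unsalted SHA-256 round: insufficient computational effort.
    The salt is ignored, so a single precomputed table also works
    against every backup ever produced with this scheme."""
    return hashlib.sha256(password).digest()


def strong_kdf(password: bytes, salt: bytes, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-file salt; 600k iterations is the
    OWASP 2023 figure for this construction."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # CTR-style keystream from HMAC-SHA256 so no third-party cipher is needed.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_backup(plaintext: bytes, password: bytes, kdf) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    key = kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt_backup(blob: bytes, password: bytes, kdf):
    """Returns the plaintext, or None if the password (hence the tag) is wrong.
    That None/not-None answer is exactly the oracle an offline attacker uses."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    key = kdf(password, salt)
    expected = hmac.new(key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def offline_guess(blob: bytes, wordlist, kdf):
    """Attacker holding only the backup file tries each candidate password.
    Returns (password, guesses_used) or (None, guesses_used)."""
    for n, candidate in enumerate(wordlist, 1):
        if decrypt_backup(blob, candidate, kdf) is not None:
            return candidate, n
    return None, len(wordlist)


def main():
    password = b"Summer2024!"
    # Constructed wordlist; the real password sits in fourth position.
    wordlist = [b"admin", b"password", b"fortinet", password, b"letmein"]
    for name, kdf in (("weak (1x SHA-256)", weak_kdf), ("PBKDF2 600k", strong_kdf)):
        blob = encrypt_backup(SAMPLE_CONFIG, password, kdf)
        t0 = time.perf_counter()
        found, guesses = offline_guess(blob, wordlist, kdf)
        elapsed = time.perf_counter() - t0
        print(f"{name:18s} recovered={found!r} after {guesses} guesses, "
              f"{elapsed / guesses * 1e3:.3f} ms per guess")


if __name__ == "__main__":
    main()
```

Both runs recover the password, because it is in the wordlist either way; the difference is the per-guess cost, which is what CWE-916 is about. Against the weak scheme a guess costs one SHA-256, and since no salt is mixed in, an attacker can precompute hashes once and reuse them across every backup. The stretched scheme makes each guess cost hundreds of thousands of HMAC operations and ties it to the file's own salt, so the same dictionary attack is slower by roughly the iteration count and cannot be amortised across files.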
Recommendations

For FortiOS versions prior to 7.4.4, update to version 7.4.4 or later.
For FortiOS 7.2, 7.0 and 6.4 and earlier, migrate to a fixed release (FortiOS 7.4.4 or later); a bare "later than 7.2" upgrade could land on 7.4.0 through 7.4.3, which are themselves affected.
For FortiProxy versions prior to 7.4.3, update to version 7.4.3 or later.
For FortiProxy 7.2, 7.0 and 2.0 and earlier, migrate to a fixed release (FortiProxy 7.4.3 or later), for the same reason.
Because the flaw is in how the backup is protected rather than in who may take one, existing encrypted backups produced on affected releases should be treated as decryptable by anyone with super-admin CLI access to the copy; regenerate them after upgrading and review where they have been stored.

Weakness Enumeration

CWE-916: Use of Password Hash With Insufficient Computational Effort

Related Identifiers

BDU:2024-04631
CVE-2024-21754

Affected Products

FortiOS
FortiProxy