Home

Description

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

PUBLISHED Reserved 2024-04-11 | Published 2025-04-08 | Updated 2026-01-14 | Assigner fortinet




LOW: 2.1CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C

Problem types

Information disclosure

Product status

Default status
unaffected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

6.4.0 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-111

cve.org (CVE-2024-32122)

nvd.nist.gov (CVE-2024-32122)

Download JSON