CVE-2024-32122
2.3 LOW · A storing passwords in a recoverable format vulnerability in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, ...
Published: 2025-04-08 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 2.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-257
Affected products
| Vendor | Product |
|---|---|
| fortinet | fortios |
Description
A storing passwords in a recoverable format vulnerability in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, and FortiOS 6.4 all versions allows an attacker to cause information disclosure via modification of the LDAP server IP to point to a malicious server.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-44277 — An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through ... (9.8 CRITICAL)
- CVE-2026-25690 — An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 throu... (4.3 MEDIUM)
- CVE-2026-25088 — An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiNDR 7.6.0 through ... (5.4 MEDIUM)
- CVE-2025-53844 — An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 al... (8.8 HIGH)
- CVE-2025-68648 — A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4... (7.2 HIGH)
Same CWE
- CVE-2026-22614 — The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with acce... (6.1 MEDIUM)