CVE-2024-21754
Published: 2024-06-11
Priority: P2 (78) · medium · 4.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
In the wild: VulnCheck KEV (exploited in the wild)
EPSS: 3.47% (87.6th percentile)
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortios | — | — |
| fortinet | fortios | 6.4.0 – 6.4.15 | — |
| fortinet | fortios | 7.0.0 – 7.0.15 | — |
| fortinet | fortios | >= 7.2.0 < 7.2.9 | 7.2.9 |
| fortinet | fortios | 7.2.0 – 7.2.8 | — |
| fortinet | fortios | >= 7.4.0 < 7.4.4 | 7.4.4 |
| fortinet | fortios | 7.4.0 – 7.4.3 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | 2.0.0 – 2.0.14 | — |
| fortinet | fortiproxy | 7.0.0 – 7.0.18 | — |
| fortinet | fortiproxy | 7.2.0 – 7.2.11 | — |
| fortinet | fortiproxy | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortiproxy | 7.4.0 – 7.4.2 | — |
Detection & IOCs (extracted from sources)
- Vulnerability requires a privileged attacker with super-admin profile AND CLI access to exploit; detection should focus on super-admin CLI sessions performing backup/decrypt operations on FortiOS/FortiProxy devices.
- Scope is limited to local access (AV:L) with high privilege required (PR:H) and no user interaction (UI:N); the CVSS vector confirms no remote exploitation path, so focus monitoring on local/console CLI sessions.
- Affected FortiOS versions: 7.4.3 and below, all 7.2.x, all 7.0.x, all 6.4.x; upgrade to a fixed version to remediate weak key derivation for backup files.
- Affected FortiProxy versions: 7.4.2 and below, all 7.2.x, all 7.0.x, all 2.0.x; upgrade to a fixed version to remediate weak key derivation for backup files.
- The vulnerability is classified as CWE-916 (Use of Password Hash With Insufficient Computational Effort), meaning backup files encrypted by affected versions use a weak key derivation function and may be decryptable offline by an attacker who obtains the backup.
- Siemens RUGGEDCOM APE1808 devices running Fortinet NGFW are also affected by this vulnerability across all versions.
CVSS provenance
- NVD (CVSS v3.1): 4.4 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 1.8 LOW
CISA ICS
Siemens RUGGEDCOM APE 1808
cisa_ics · 2024-07-11 · CVSS 6.7
[MEDIUM] Siemens RUGGEDCOM APE 1808
ICS Advisory
Release Date: July 11, 2024
Alert Code: ICSA-24-193-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE 1808
- Vulnerabilities: Stack-based Buffer Overflow, Use of Password Hash With Insufficient Computational Effort, Cross-
Fortinet
Weak key derivation for backup file
vendor_fortinet · 2024-06-11 · CVSS 1.8
CVE-2024-21754 [LOW] CWE-916 · FG-IR-23-423: Weak key derivation for backup file
CVEs: CVE-2024-21754
CWEs: CWE-916
CVSS: 1.8 (low)
Affected products: FortiOS, FortiProxy
GHSA
GHSA-pg7p-9rpp-xjmx
ghsa_unreviewed · 2024-06-11
CVE-2024-21754 [LOW] CWE-916
VulnCheck
Fortinet FortiOS and FortiProxy Backup File Weak Key Vulnerability
vulncheck · 2024 · CVSS 1.8
CVE-2024-21754 [LOW]
Affected: Fortinet FortiOS and FortiProxy
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cyber.wtf/2024/06/13/give-me-your-fortigate-configuration-backup-and-i-rule-your-network/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.