CVE-2024-45324

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45324
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-325 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*
History

24 Jul 2025, 19:06

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de uso de cadena de formato controlada externamente [CWE-134] en FortiOS versión 7.4.0 a 7.4.4, versión 7.2.0 a 7.2.9, versión 7.0.0 a 7.0.15 y anteriores a 6.4.15, FortiProxy versión 7.4.0 a 7.4.6, versión 7.2.0 a 7.2.12 y anteriores a 7.0.19, FortiPAM versión 1.4.0 a 1.4.2 y anteriores a 1.3.1, FortiSRA versión 1.4.0 a 1.4.2 y anteriores a 1.3.1 y FortiWeb versión 7.4.0 a 7.4.5, versión 7.2.0 a 7.2.10 y anteriores a 7.0.10 permite a un atacante privilegiado ejecutar código o comandos no autorizados a través de comandos HTTP o HTTPS especialmente manipulados.
CPE cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
First Time Fortinet fortisra
Fortinet fortipam
Fortinet fortiweb
Fortinet fortiproxy
Fortinet
Fortinet fortios
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-325 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-325 - Vendor Advisory

11 Mar 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 15:15

Updated : 2025-07-24 19:06

NVD link : CVE-2024-45324

Mitre link : CVE-2024-45324

CVE.ORG link : CVE-2024-45324

JSON object : View

Products Affected

fortinet

  • fortipam
  • fortiweb
  • fortiproxy
  • fortios
  • fortisra
CWE
CWE-134

Use of Externally-Controlled Format String