Vulnerability Description
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | >= 6.2.0, < 6.2.17 |
| Fortinet | Fortipam | >= 1.0.0, <= 1.3.1 |
| Fortinet | Fortiproxy | >= 7.0.0, < 7.0.20 |
| Fortinet | Fortiweb | >= 7.0.0, < 7.0.11 |
| Fortinet | Fortisra | >= 1.4.0, < 1.4.3 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-325Vendor Advisory
FAQ
What is CVE-2024-45324?
CVE-2024-45324 is a vulnerability with a CVSS score of 7.2 (HIGH). A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy ver...
How severe is CVE-2024-45324?
CVE-2024-45324 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45324?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios, Fortinet Fortipam, Fortinet Fortiproxy, Fortinet Fortiweb, Fortinet Fortisra.