← Back

CVE-2024-45324

nvd nist
Published: Mar 11, 2025Modified: Jul 24, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: psirt@fortinet.com (Secondary)

Description

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

Affected (16)

Fortinet
5 products
Fortios
Fortipam
Fortiproxy
Fortiweb
Fortisra
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortios
From 6.2.0 to 6.2.17
Fortios
From 6.4.0 to 6.4.16
Fortios
From 7.0.0 to 7.0.16
Fortios
From 7.2.0 to 7.2.10
Fortios
From 7.4.0 to 7.4.5
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortipam
From 1.0.0 to 1.3.1
Fortipam
From 1.4.0 to 1.4.3
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortiproxy
From 7.0.0 to 7.0.20
Fortiproxy
From 7.2.0 to 7.2.13
Fortiproxy
From 7.4.0 to 7.4.7
Fortiproxy
Version 7.6.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortiweb
From 7.0.0 to 7.0.11
Fortiweb
From 7.2.0 to 7.2.11
Fortiweb
From 7.4.0 to 7.4.6
Fortiweb
Version 7.6.0
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortisra
From 1.4.0 to 1.4.3

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.