CVE-2024-45324

Published Mar 11, 2025

Last updated 9 months ago

Overview

Description
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortios, fortipam, fortiproxy, fortiweb, fortisra

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@fortinet.com
CWE-134

Social media

Hype score
Not currently trending
  1. Information update on a vulnerability affecting multiple Fortinet products. Advisory ID: FG-IR-24-325 CVSSv3 score range: 7.0 Published: March 11, 2025 Updated: May 14, 2025 CVE number: CVE-2024-45324 Overview: FortiOS, FortiProxy, FortiPAM, FortiSRA,

    @esunekk

    15 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Several vulnerabilities were recently published for the FortiSandbox and FortiOS products, with the identifiers CVE-2024-54027, of the OS command execution type, and CVE-2024-45324, of the format string type. https://t.co/Poz3aKY03t https://t.co/FtYUYJTIy0

    @AmirHossein_sec

    15 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨We are drawing attention to a series of vulnerabilities in Fortinet products. CVE-2024-45324 - a "Use of Externally-Controlled Format String" vulnerability allows a privileged attacker to execute unauthorized commands via specially crafted HTTP/HTTPS commands. Affected products:… http

    @GOVCERT_CZ

    13 Mar 2025

    1413 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    2 Replies

    2 Quotes

  4. Fortinet Addresses Multiple Vulnerabilities in FortiSandbox, FortiOS | Read more: https://t.co/OQPWF08TOo 📌 OS Command vulnerability – CVE-2024-52961 📌 Incorrect authorization vulnerability – CVE-2024-45328 📌 Format String Vulnerability – CVE-2024-45324 📌 SQL injection… http

    @The_Cyber_News

    13 Mar 2025

    278 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-45324 🔴 HIGH (7) 🏢 Fortinet - FortiPAM 🏗️ 1.4.0 🔗 https://t.co/xeKj45lPy3 #CyberCron #VulnAlert #InfoSec https://t.co/vsfj6Zaak3

    @cybercronai

    12 Mar 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  6. CVE-2024-45324 A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15… https://t.co/rsWpSc8Q1s

    @CVEnew

    11 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.