CVE-2024-45324

Description

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

Remediation

Solution:

Please upgrade to FortiPAM version 1.5.0 or above Please upgrade to FortiPAM version 1.4.3 or above Please upgrade to FortiPAM version 1.3.2 or above Please upgrade to FortiProxy version 7.6.1 or above Please upgrade to FortiProxy version 7.4.7 or above Please upgrade to FortiProxy version 7.2.13 or above Please upgrade to FortiProxy version 7.0.20 or above Please upgrade to FortiSRA version 1.5.0 or above Please upgrade to FortiSRA version 1.4.3 or above Please upgrade to FortiAuthenticator version 7.0.0 or above Please upgrade to FortiWeb version 7.6.1 or above Please upgrade to FortiWeb version 7.4.6 or above Please upgrade to FortiWeb version 7.2.11 or above Please upgrade to FortiWeb version 7.0.11 or above Please upgrade to FortiOS version 7.6.0 or above Please upgrade to FortiOS version 7.4.5 or above Please upgrade to FortiOS version 7.2.10 or above Please upgrade to FortiOS version 7.0.16 or above Please upgrade to FortiOS version 6.4.16 or above Please upgrade to FortiSASE version 24.4.b1 or above

References

Link	Tags
https://fortiguard.fortinet.com/psirt/FG-IR-24-325	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-45324?: CVE-2024-45324 has been scored as a high severity vulnerability.
How to fix CVE-2024-45324?: To fix CVE-2024-45324: Please upgrade to FortiPAM version 1.5.0 or above Please upgrade to FortiPAM version 1.4.3 or above Please upgrade to FortiPAM version 1.3.2 or above Please upgrade to FortiProxy version 7.6.1 or above Please upgrade to FortiProxy version 7.4.7 or above Please upgrade to FortiProxy version 7.2.13 or above Please upgrade to FortiProxy version 7.0.20 or above Please upgrade to FortiSRA version 1.5.0 or above Please upgrade to FortiSRA version 1.4.3 or above Please upgrade to FortiAuthenticator version 7.0.0 or above Please upgrade to FortiWeb version 7.6.1 or above Please upgrade to FortiWeb version 7.4.6 or above Please upgrade to FortiWeb version 7.2.11 or above Please upgrade to FortiWeb version 7.0.11 or above Please upgrade to FortiOS version 7.6.0 or above Please upgrade to FortiOS version 7.4.5 or above Please upgrade to FortiOS version 7.2.10 or above Please upgrade to FortiOS version 7.0.16 or above Please upgrade to FortiOS version 6.4.16 or above Please upgrade to FortiSASE version 24.4.b1 or above
Is CVE-2024-45324 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-45324 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45324?: CVE-2024-45324 affects Fortinet FortiPAM, Fortinet FortiProxy, Fortinet FortiSRA, Fortinet FortiWeb, Fortinet FortiOS.

Description

Remediation

Category

CWE-134 – Use of Externally-Controlled Format String

References

Frequently Asked Questions