CVE-2024-45324

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45324
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
CVSS

No CVSS.

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-325 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*
History

24 Jul 2025, 19:06

Type Values Removed Values Added
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-325 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-325 - Vendor Advisory
First Time Fortinet fortipam
Fortinet fortiproxy
Fortinet fortisra
Fortinet fortiweb
Fortinet
Fortinet fortios
CPE cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

11 Mar 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 15:15

Updated : 2025-07-24 19:06

NVD link : CVE-2024-45324

Mitre link : CVE-2024-45324

JSON object : View

Products Affected

fortinet

  • fortiweb
  • fortisra
  • fortios
  • fortiproxy
  • fortipam
CWE
CWE-134

Use of Externally-Controlled Format String