CVE-2024-45324
Essential information
- Published: 11/03/2025 15:15
- Modified: 11/03/2025 15:15
- Author: —
- Creator: —
- CVSS: 7.2 HIGH (v3.1)
- CISA KEV: No
- CWE: —
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS metrics
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: HIGH
- User interaction: NONE
- Scope: UNCHANGED
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Description
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
NVD status
- Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
- Source: [email protected]
Affected products (CPE)
| Product | CPE |
|---|---|
| fortinet / fortios | cpe:2.3:a:fortinet:fortios:7.4.0:7.4.4:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:a:fortinet:fortios:7.2.0:7.2.9:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:a:fortinet:fortios:7.0.0:7.0.15:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:a:fortinet:fortios:<6.4.15:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.4.0:7.4.6:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.2.0:7.2.12:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:<7.0.19:*:*:*:*:*:* |
| fortinet / fortipam | cpe:2.3:a:fortinet:fortipam:1.4.0:1.4.2:*:*:*:*:*:* |
| fortinet / fortipam | cpe:2.3:a:fortinet:fortipam:<1.3.1:*:*:*:*:*:* |
| fortinet / fortisra | cpe:2.3:a:fortinet:fortisra:1.4.0:1.4.2:*:*:*:*:*:* |
| fortinet / fortisra | cpe:2.3:a:fortinet:fortisra:<1.3.1:*:*:*:*:*:* |
| fortinet / fortiweb | cpe:2.3:a:fortinet:fortiweb:7.4.0:7.4.5:*:*:*:*:*:* |
| fortinet / fortiweb | cpe:2.3:a:fortinet:fortiweb:7.2.0:7.2.10:*:*:*:*:*:* |
| fortinet / fortiweb | cpe:2.3:a:fortinet:fortiweb:<7.0.10:*:*:*:*:*:* |