PT-2025-10771 · Fortinet · Fortiweb+4

Published: 2025-03-11 · Updated: 2025-11-15 · CVE-2024-45324

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.0.0 through 7.4.4
FortiProxy versions 7.0.19 through 7.4.6
FortiPAM versions 1.3.1 through 1.4.2
FortiSRA versions 1.3.1 through 1.4.2
FortiWeb versions 7.0.10 through 7.4.5
Description

A use of externally-controlled format string vulnerability (CWE-134) exists in FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. The issue may allow a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. The root cause is insufficient handling of format strings: attacker-influenced input reaches a formatting routine as the format argument rather than as data.
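The weakness class named in the description, shown as an added C example that is not Fortinet code and does not reproduce the actual affected code path: a constructed request parameter used as a format string beside the hardened form, plus an audit helper that flags live format directives in untrusted input.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample request parameter; not taken from the advisory. The
   '%' sequences are harmless data until something uses the value as a
   format string. */
static const char SAMPLE_PARAM[] = "user=%x%x%x";

/* Vulnerable pattern (CWE-134): untrusted input becomes the format
   argument, so the formatter interprets every '%' directive in it and
   reads arguments the caller never supplied. Behaviour is undefined
   for input such as SAMPLE_PARAM; shown only for contrast. */
int log_param_vulnerable(char *out, size_t n, const char *param) {
    return snprintf(out, n, param);
}

/* Hardened form: the format string is a literal under the program's
   control and the untrusted value is passed purely as a %s argument. */
int log_param_safe(char *out, size_t n, const char *param) {
    return snprintf(out, n, "param=%s", param);
}

/* Audit/detection helper: report whether untrusted input carries a live
   format directive. A doubled "%%" is an escaped percent, not a directive. */
int contains_format_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        return 1;
    }
    return 0;
}

/* Helpers that format into a local buffer and compare with the expected
   text, so the behaviour of each path can be checked without I/O. */
int safe_output_matches(const char *param, const char *expected) {
    char buf[128];
    log_param_safe(buf, sizeof buf, param);
    return strcmp(buf, expected) == 0;
}

/* Only called with directive-free input: with benign data the vulnerable
   path produces the same text, which is why the bug survives testing. */
int vulnerable_output_matches(const char *param, const char *expected) {
    char buf[128];
    log_param_vulnerable(buf, sizeof buf, param);
    return strcmp(buf, expected) == 0;
}
```

The hardened path passes the sample through unchanged as data, while the audit helper flags it as carrying directives, which is the signal a code review or fuzzing harness should act on.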
Recommendations

FortiOS versions prior to 7.4.5 should be updated.
FortiProxy versions prior to 7.4.7 and prior to 7.0.19 should be updated.
FortiPAM versions prior to 1.4.3 and prior to 1.3.1 should be updated.
FortiSRA versions prior to 1.4.3 and prior to 1.3.1 should be updated.
FortiWeb versions prior to 7.4.6 and prior to 7.0.10 should be updated.

Fix · RCE

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2025-03647
CVE-2024-45324

Affected Products

FortiOS
FortiPAM
FortiProxy
FortiSRA
FortiWeb