CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-45324

Medium Severity
SVRS
36/100
CVSSv3
NA/10
EPSS
0.00167/1

CVE-2024-45324 is a critical format string vulnerability affecting multiple Fortinet products. This flaw allows a privileged attacker to inject malicious code by exploiting specially crafted HTTP/HTTPS commands. The affected products include versions of FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. Although the CVSS score is low, the SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-45324 is 36, indicating a moderate level of risk that should be monitored. Due to the CWE-134 designation, successful exploitation could lead to unauthorized code execution and compromise of the affected systems. Given that this vulnerability is tagged as "In The Wild," organizations using these Fortinet products should promptly investigate and apply available patches or mitigations to prevent potential exploitation and maintain the security of their infrastructure. The ability of an attacker to execute commands makes this a significant security concern.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-03-11
LAST MODIFIED2025-03-11
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-45324 is a format string vulnerability (CWE-134) affecting multiple Fortinet products including FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. This vulnerability allows a privileged attacker to execute unauthorized code or commands by exploiting specially crafted HTTP or HTTPS commands. The SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a moderate risk. However, it's important to note that this vulnerability is being actively exploited in the wild.

Key Insights

  1. Format String Vulnerability: The root cause is a format string vulnerability. Attackers can manipulate input strings that are used in format functions, leading to arbitrary code execution if not properly sanitized.

  2. Wide Range of Affected Products: This vulnerability affects a broad spectrum of Fortinet products, including firewalls, proxies, PAM solutions, SRA solutions, and web application firewalls. This widespread impact increases the potential attack surface for adversaries.

  3. Privileged Access Required: Although requiring privileged access initially limits the attack surface, once gained, attackers can execute arbitrary code or commands, leading to significant compromise.

  4. Actively Exploited in the Wild: Because this vulnerability is used in the wild, this significantly elevates the urgency for remediation, irrespective of the SVRS score.

Mitigation Strategies

  1. Immediate Patching: Apply the latest patches provided by Fortinet for all affected products (FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiWeb). Prioritize patching based on the organization's asset inventory and the criticality of each system.

  2. Input Validation and Sanitization: Implement stringent input validation and sanitization measures for HTTP and HTTPS commands. Employ secure coding practices to prevent format string vulnerabilities.

  3. Network Segmentation: Implement network segmentation to limit the potential impact of a successful exploit. If a system is compromised, segmentation can prevent the attacker from moving laterally to other critical assets.

  4. Privilege Management: Review and enforce strict privilege management policies. Minimize the number of users and accounts with privileged access to reduce the attack surface. Regularly audit privileged accounts for suspicious activity.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-45324 | Fortinet FortiPAM/FortiProxy/FortiSRA/FortiWeb/FortiOS HTTP Command format string (FG-IR-24-325)
vuldb.com2025-03-11
CVE-2024-45324 | Fortinet FortiPAM/FortiProxy/FortiSRA/FortiWeb/FortiOS HTTP Command format string (FG-IR-24-325) | A vulnerability, which was classified as critical, was found in Fortinet FortiPAM, FortiProxy, FortiSRA, FortiWeb and FortiOS. Affected is an unknown function of the component HTTP Command Handler. The manipulation leads to format string. This vulnerability is traded as CVE-2024-45324. It is possible to launch the attack remotely. There
vuldb.com
rss
forum
news

Social Media

Fortinet Addresses Multiple Vulnerabilities in FortiSandbox, FortiOS | Read more: https://t.co/OQPWF08TOo 📌 OS Command vulnerability – CVE-2024-52961 📌 Incorrect authorization vulnerability – CVE-2024-45328 📌 Format String Vulnerability – CVE-2024-45324 📌 SQL injection https://t.co/JLWBDWIAqQ
0
0
0
Warning: High severity vulnerability in #FortiOS #FortiProxy #FortiPAM #FortiSRA and #FortiWeb #CVE-2024-45324 CVSS: 7.2. This can lead to remote code execution #RCE! #Patch #Patch #Patch
0
0
0
Belangrijke beveiligingsupdate: fortinet-producten gevoelig voor cwe-134 kwetsbaarheid https://t.co/swslRhAVmy #Fortinet beveiligingslek #CVE-2024-45324 kwetsbaarheid #CWE-134 format string #FortiOS update #FortiGuard Labs PSIRT #Trending #Tech #Nieuws
0
0
0
Belangrijke beveiligingsupdate voor fortinet producten door recent ontdekte cve-2024-45324 kwetsbaarheid https://t.co/bONHfTpVtY #CVE-2024-45324 #Fortinet #Cybersecurity #FortiOS Vulnerability #FortiGuard Labs #Trending #Tech #Nieuws
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://fortiguard.fortinet.com/psirt/FG-IR-24-325
HTTPS://FORTIGUARD.FORTINET.COM/PSIRT/FG-IR-24-325https://fortiguard.fortinet.com/psirt/FG-IR-24-325

CWE Details

CWE IDCWE NameDescription
CWE-134Use of Externally-Controlled Format StringThe software uses a function that accepts a format string as an argument, but the format string originates from an external source.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence