{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45324", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-08-27T06:43:07.250Z", "datePublished": "2025-03-11T14:54:33.810Z", "dateUpdated": "2025-10-16T09:43:58.579Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "cpes": ["cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.4", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.9", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.15", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.15", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.16", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiPAM", "cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.2", "status": "affected"}, {"versionType": "semver", "version": "1.3.0", "lessThanOrEqual": "1.3.1", "status": "affected"}, {"version": "1.2.0", "status": "affected"}, {"versionType": "semver", "version": "1.1.0", "lessThanOrEqual": "1.1.2", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSRA", "cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.2", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiProxy", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.6.0", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.6", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.12", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.19", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiWeb", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.6.0", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.10", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-10-16T09:43:58.579Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiAuthenticator version 7.0.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.3 or above\nUpgrade to upcoming FortiPAM version 1.3.2 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.10 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiOS version 6.2.17 or above\nFortinet remediated this issue in FortiSASE version 24.4.b1 and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.1 or above\nUpgrade to FortiProxy version 7.4.7 or above\nUpgrade to FortiProxy version 7.2.13 or above\nUpgrade to FortiProxy version 7.0.20 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiSRA version 1.4.3 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.6 or above\nUpgrade to FortiWeb version 7.2.11 or above\nUpgrade to FortiWeb version 7.0.11 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-45324"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T04:00:50.935Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T16:03:30.330232Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T16:03:31.664Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.4"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.9"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.15"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.15"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.16"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiPAM", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.2"}, {"status": "affected", "version": "1.3.0", "versionType": "semver", "lessThanOrEqual": "1.3.1"}, {"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.1.0", "versionType": "semver", "lessThanOrEqual": "1.1.2"}, {"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSRA", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.2"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiProxy", "versions": [{"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.6"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.12"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.19"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiWeb", "versions": [{"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.10"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.10"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiAuthenticator version 7.0.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.3 or above\nUpgrade to upcoming FortiPAM version 1.3.2 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.10 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiOS version 6.2.17 or above\nFortinet remediated this issue in FortiSASE version 24.4.b1 and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.1 or above\nUpgrade to FortiProxy version 7.4.7 or above\nUpgrade to FortiProxy version 7.2.13 or above\nUpgrade to FortiProxy version 7.0.20 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiSRA version 1.4.3 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.6 or above\nUpgrade to FortiWeb version 7.2.11 or above\nUpgrade to FortiWeb version 7.0.11 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-10-16T09:43:58.579Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45324", "state": "PUBLISHED", "dateUpdated": "2025-10-16T09:43:58.579Z", "dateReserved": "2024-08-27T06:43:07.250Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-03-11T14:54:33.810Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCCC7410-CFB4-4E3B-8B1D-8FAEDCBD46DC", "versionEndExcluding": "6.2.17", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B481963F-0415-42C8-BB38-C1A8BDF4B9F7", "versionEndExcluding": "6.4.16", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EAE013D-7AE4-4C7A-81A0-296FE00F12CD", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D7D031B-221B-4738-AC83-4FB92A106528", "versionEndExcluding": "7.2.10", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "A71AD879-997D-4787-A1E9-E4132AC521E2", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AC9224-3994-4D38-B823-404AA8A2A854", "versionEndIncluding": "1.3.1", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "matchCriteriaId": "6142E55A-E939-4E25-BFB3-D7C97FACAD62", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B14CD59-F557-48A0-8458-BECD3AD7DB3A", "versionEndExcluding": "7.0.20", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDC18768-0891-465E-9900-3DF5D22A5CB3", "versionEndExcluding": "7.2.13", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "5029368F-7632-40BF-87A8-202FB3B3A571", "versionEndExcluding": "7.4.7", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1A9E35E-AA55-44C4-BAAC-2E44E6DCE2EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E739890-CFEA-4B7B-B78D-8CC8157BDF54", "versionEndExcluding": "7.0.11", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B642678E-4E31-4A6B-A791-ACD5D332B175", "versionEndExcluding": "7.2.11", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BD145-AA4F-4264-B996-1BEC7B282EBE", "versionEndExcluding": "7.4.6", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "28B43375-DA74-4C5F-BAEE-39F312EEF51F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E56CAA8-088C-4116-9C3B-A2E53A2BB82B", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."}, {"lang": "es", "value": "Una vulnerabilidad de uso de cadena de formato controlada externamente [CWE-134] en FortiOS versi\u00f3n 7.4.0 a 7.4.4, versi\u00f3n 7.2.0 a 7.2.9, versi\u00f3n 7.0.0 a 7.0.15 y anteriores a 6.4.15, FortiProxy versi\u00f3n 7.4.0 a 7.4.6, versi\u00f3n 7.2.0 a 7.2.12 y anteriores a 7.0.19, FortiPAM versi\u00f3n 1.4.0 a 1.4.2 y anteriores a 1.3.1, FortiSRA versi\u00f3n 1.4.0 a 1.4.2 y anteriores a 1.3.1 y FortiWeb versi\u00f3n 7.4.0 a 7.4.5, versi\u00f3n 7.2.0 a 7.2.10 y anteriores a 7.0.10 permite a un atacante privilegiado ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de comandos HTTP o HTTPS especialmente manipulados."}], "id": "CVE-2024-45324", "lastModified": "2025-07-24T19:06:14.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2025-03-11T15:15:41.743", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{}