CVE-2024-45324 - Vulnerability Details

Vendors	Products
Fortinet	Fortios Fortipam Fortisra

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-24-325

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
First Time appeared		Fortinet Fortinet fortios Fortinet fortipam Fortinet fortisra
Weaknesses		CWE-134
CPEs		cpe:2.3:a:fortinet:fortisra:1.4.0:::::::* cpe:2.3:a:fortinet:fortisra:1.4.1:::::::* cpe:2.3:a:fortinet:fortisra:1.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.2.0:::::::* cpe:2.3:o:fortinet:fortios:6.2.10:::::::* cpe:2.3:o:fortinet:fortios:6.2.11:::::::* cpe:2.3:o:fortinet:fortios:6.2.12:::::::* cpe:2.3:o:fortinet:fortios:6.2.13:::::::* cpe:2.3:o:fortinet:fortios:6.2.14:::::::* cpe:2.3:o:fortinet:fortios:6.2.15:::::::* cpe:2.3:o:fortinet:fortios:6.2.16:::::::* cpe:2.3:o:fortinet:fortios:6.2.1:::::::* cpe:2.3:o:fortinet:fortios:6.2.2:::::::* cpe:2.3:o:fortinet:fortios:6.2.3:::::::* cpe:2.3:o:fortinet:fortios:6.2.4:::::::* cpe:2.3:o:fortinet:fortios:6.2.5:::::::* cpe:2.3:o:fortinet:fortios:6.2.6:::::::* cpe:2.3:o:fortinet:fortios:6.2.7:::::::* cpe:2.3:o:fortinet:fortios:6.2.8:::::::* cpe:2.3:o:fortinet:fortios:6.2.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.2:::::::*
Vendors & Products		Fortinet Fortinet fortios Fortinet fortipam Fortinet fortisra
References		https://fortiguard.fortinet.com/psirt/FG-IR-24-325
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45324", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-08-27T06:43:07.250Z", "datePublished": "2025-03-11T14:54:33.810Z", "dateUpdated": "2025-03-12T04:00:50.935Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiPAM", "cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.2", "status": "affected"}, {"versionType": "semver", "version": "1.3.0", "lessThanOrEqual": "1.3.1", "status": "affected"}, {"version": "1.2.0", "status": "affected"}, {"versionType": "semver", "version": "1.1.0", "lessThanOrEqual": "1.1.2", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiProxy", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.6.0", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.6", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.12", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.19", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSRA", "cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.2", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiWeb", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "7.6.0", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.10", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.10", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiOS", "cpes": ["cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.4", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.9", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.15", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.15", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.16", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-11T14:54:33.810Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPAM version 1.5.0 or above \nPlease upgrade to FortiPAM version 1.4.3 or above \nPlease upgrade to FortiPAM version 1.3.2 or above \nPlease upgrade to FortiProxy version 7.6.1 or above \nPlease upgrade to FortiProxy version 7.4.7 or above \nPlease upgrade to FortiProxy version 7.2.13 or above \nPlease upgrade to FortiProxy version 7.0.20 or above \nPlease upgrade to FortiSRA version 1.5.0 or above \nPlease upgrade to FortiSRA version 1.4.3 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.6 or above \nPlease upgrade to FortiWeb version 7.2.11 or above \nPlease upgrade to FortiWeb version 7.0.11 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.4.16 or above \nPlease upgrade to FortiSASE version 24.4.b1 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-45324"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T04:00:50.935Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-45324 (string)

assignerOrgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

state : PUBLISHED (string)

assignerShortName : fortinet (string)

dateReserved : 2024-08-27T06:43:07.250Z (string)

datePublished : 2025-03-11T14:54:33.810Z (string)

dateUpdated : 2025-03-12T04:00:50.935Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

vendor : Fortinet (string)

product : FortiPAM (string)

cpes : [ »

0 : cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:* (string)

1 : cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:* (string)

2 : cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:* (string)

3 : cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:* (string)

4 : cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:* (string)

5 : cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:* (string)

6 : cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:* (string)

7 : cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:* (string)

8 : cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* (string)

9 : cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:* (string)

10 : cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:* (string)

11 : cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:* (string)

12 : cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 1.4.0 (string)

lessThanOrEqual : 1.4.2 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 1.3.0 (string)

lessThanOrEqual : 1.3.1 (string)

status : affected (string)

}

2 : { »

version : 1.2.0 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 1.1.0 (string)

lessThanOrEqual : 1.1.2 (string)

status : affected (string)

}

4 : { »

versionType : semver (string)

version : 1.0.0 (string)

lessThanOrEqual : 1.0.3 (string)

status : affected (string)

}

]

}

1 : { »

vendor : Fortinet (string)

product : FortiProxy (string)

cpes : [ *empty* ]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 7.6.0 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.6 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.12 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.19 (string)

status : affected (string)

}

]

}

2 : { »

vendor : Fortinet (string)

product : FortiSRA (string)

cpes : [ »

0 : cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:* (string)

1 : cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:* (string)

2 : cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 1.4.0 (string)

lessThanOrEqual : 1.4.2 (string)

status : affected (string)

}

]

}

3 : { »

vendor : Fortinet (string)

product : FortiWeb (string)

cpes : [ *empty* ]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 7.6.0 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.5 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.10 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.10 (string)

status : affected (string)

}

]

}

4 : { »

vendor : Fortinet (string)

product : FortiOS (string)

cpes : [ »

0 : cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* (string)

1 : cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* (string)

2 : cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* (string)

3 : cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* (string)

4 : cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* (string)

5 : cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* (string)

6 : cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* (string)

7 : cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* (string)

8 : cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* (string)

9 : cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* (string)

10 : cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* (string)

11 : cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* (string)

12 : cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* (string)

13 : cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* (string)

14 : cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* (string)

15 : cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* (string)

16 : cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* (string)

17 : cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* (string)

18 : cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* (string)

19 : cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* (string)

20 : cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* (string)

21 : cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* (string)

22 : cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* (string)

23 : cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* (string)

24 : cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* (string)

25 : cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* (string)

26 : cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* (string)

27 : cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* (string)

28 : cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* (string)

29 : cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* (string)

30 : cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* (string)

31 : cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* (string)

32 : cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* (string)

33 : cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* (string)

34 : cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* (string)

35 : cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* (string)

36 : cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* (string)

37 : cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* (string)

38 : cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* (string)

39 : cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* (string)

40 : cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* (string)

41 : cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* (string)

42 : cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* (string)

43 : cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* (string)

44 : cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* (string)

45 : cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* (string)

46 : cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* (string)

47 : cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* (string)

48 : cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* (string)

49 : cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* (string)

50 : cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* (string)

51 : cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* (string)

52 : cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* (string)

53 : cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* (string)

54 : cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* (string)

55 : cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* (string)

56 : cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* (string)

57 : cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* (string)

58 : cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* (string)

59 : cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* (string)

60 : cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* (string)

61 : cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* (string)

62 : cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* (string)

63 : cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

versionType : semver (string)

version : 7.4.0 (string)

lessThanOrEqual : 7.4.4 (string)

status : affected (string)

}

1 : { »

versionType : semver (string)

version : 7.2.0 (string)

lessThanOrEqual : 7.2.9 (string)

status : affected (string)

}

2 : { »

versionType : semver (string)

version : 7.0.0 (string)

lessThanOrEqual : 7.0.15 (string)

status : affected (string)

}

3 : { »

versionType : semver (string)

version : 6.4.0 (string)

lessThanOrEqual : 6.4.15 (string)

status : affected (string)

}

4 : { »

versionType : semver (string)

version : 6.2.0 (string)

lessThanOrEqual : 6.2.16 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. (string)

}

]

providerMetadata : { »

orgId : 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (string)

shortName : fortinet (string)

dateUpdated : 2025-03-11T14:54:33.810Z (string)

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-134 (string)

description : Execute unauthorized code or commands (string)

type : CWE (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

version : 3.1 (string)

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Please upgrade to FortiPAM version 1.5.0 or above Please upgrade to FortiPAM version 1.4.3 or above Please upgrade to FortiPAM version 1.3.2 or above Please upgrade to FortiProxy version 7.6.1 or above Please upgrade to FortiProxy version 7.4.7 or above Please upgrade to FortiProxy version 7.2.13 or above Please upgrade to FortiProxy version 7.0.20 or above Please upgrade to FortiSRA version 1.5.0 or above Please upgrade to FortiSRA version 1.4.3 or above Please upgrade to FortiAuthenticator version 7.0.0 or above Please upgrade to FortiWeb version 7.6.1 or above Please upgrade to FortiWeb version 7.4.6 or above Please upgrade to FortiWeb version 7.2.11 or above Please upgrade to FortiWeb version 7.0.11 or above Please upgrade to FortiOS version 7.6.0 or above Please upgrade to FortiOS version 7.4.5 or above Please upgrade to FortiOS version 7.2.10 or above Please upgrade to FortiOS version 7.0.16 or above Please upgrade to FortiOS version 6.4.16 or above Please upgrade to FortiSASE version 24.4.b1 or above (string)

}

]

references : [ »

0 : { »

name : https://fortiguard.fortinet.com/psirt/FG-IR-24-325 (string)

url : https://fortiguard.fortinet.com/psirt/FG-IR-24-325 (string)

}

]

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-11T00:00:00+00:00 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

id : CVE-2024-45324 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-12T04:00:50.935Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T16:03:30.330232Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T16:03:31.664Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiPAM", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.2"}, {"status": "affected", "version": "1.3.0", "versionType": "semver", "lessThanOrEqual": "1.3.1"}, {"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.1.0", "versionType": "semver", "lessThanOrEqual": "1.1.2"}, {"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiProxy", "versions": [{"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.6"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.12"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.19"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSRA", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.2"}], "defaultStatus": "unaffected"}, {"cpes": [], "vendor": "Fortinet", "product": "FortiWeb", "versions": [{"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.10"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.10"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.4"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.9"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.15"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.15"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.16"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPAM version 1.5.0 or above \nPlease upgrade to FortiPAM version 1.4.3 or above \nPlease upgrade to FortiPAM version 1.3.2 or above \nPlease upgrade to FortiProxy version 7.6.1 or above \nPlease upgrade to FortiProxy version 7.4.7 or above \nPlease upgrade to FortiProxy version 7.2.13 or above \nPlease upgrade to FortiProxy version 7.0.20 or above \nPlease upgrade to FortiSRA version 1.5.0 or above \nPlease upgrade to FortiSRA version 1.4.3 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.6 or above \nPlease upgrade to FortiWeb version 7.2.11 or above \nPlease upgrade to FortiWeb version 7.0.11 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.4.16 or above \nPlease upgrade to FortiSASE version 24.4.b1 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-11T14:54:33.810Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45324", "state": "PUBLISHED", "dateUpdated": "2025-03-12T04:00:50.935Z", "dateReserved": "2024-08-27T06:43:07.250Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-03-11T14:54:33.810Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-45324 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-11T16:03:30.330232Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-11T16:03:31.664Z (string)