Externally-Controlled Format String Vulnerability in FortiOS and FortiProxy Solutions
CVE-2024-45324

CVSS score: 7 (HIGH)

Key Information:

Vendor: Fortinet
CVE Published: 11 March 2025

What is CVE-2024-45324?

CVE-2024-45324 is a serious vulnerability in several Fortinet products, including FortiOS and FortiProxy. Fortinet’s products provide network security services such as firewalls, VPNs, and intrusion prevention systems. This vulnerability arises from the use of an externally-controlled format string and is exploitable by a privileged attacker. If successfully leveraged, it could allow unauthorized code execution through crafted HTTP or HTTPS requests, significantly threatening an organization’s security posture.

Technical Details

CVE-2024-45324 affects multiple versions of FortiOS and FortiProxy. For FortiOS, the affected versions are 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, and 7.0.0 through 7.0.15, along with earlier versions down to 6.4.15. For FortiProxy, the vulnerability spans 7.4.0 through 7.4.6, 7.2.0 through 7.2.12, and versions earlier than 7.0.19. Other affected products include FortiPAM, FortiSRA, and FortiWeb, with similar version ranges. The flaw stems from a format string that is not properly controlled, which an attacker can manipulate to execute arbitrary commands or code remotely.
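The defect class the advisory describes, as an added example that is not Fortinet's code: a hypothetical logging routine in which request-controlled data (`attacker_ctrl`, an assumed name) is passed as a printf argument rather than as the format string, alongside a check a defender can run on inbound values before they reach such a routine.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example, not Fortinet code. `attacker_ctrl` models a value copied
 * from an incoming HTTP/HTTPS request (header, parameter, path) into a
 * hypothetical log routine on the appliance. */

/* The CWE-134 defect behind this advisory looks like this (shown only,
 * never built):   snprintf(out, n, attacker_ctrl);
 * printf-family functions then parse every '%' in the request data as a
 * directive: "%x" reads stack words, "%s" dereferences them, "%n" writes.
 * Hardened form: the format string is a literal and the request data is an
 * argument, so its '%' characters are copied through as plain bytes. */
static int log_request(char *out, size_t n, const char *attacker_ctrl)
{
    return snprintf(out, n, "req=%s", attacker_ctrl);
}

/* Detection aid for a proxy / WAF / log-review rule: true when the value
 * contains a printf conversion (a '%' not escaped as "%%"). Values that are
 * merely percent-heavy, like "100%%", do not trigger it. */
static bool has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {    /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return true;          /* '%' followed by anything else: a directive */
    }
    return false;
}

int main(void)
{
    char line[64];
    const char *probe = "%x.%x.%n";       /* constructed sample input */
    log_request(line, sizeof line, probe);
    printf("%s -> directive=%d\n", line, has_format_directive(probe));
    return 0;
}
```

In HTTP paths and query strings '%' is also the percent-encoding prefix, so run the check on the decoded value, not on the raw request bytes.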

Potential Impact of CVE-2024-45324

  1. Unauthorized Code Execution: Exploiting this vulnerability may enable attackers to run malicious code or commands on affected devices, facilitating unauthorized access to sensitive data and resources.

  2. Compromise of Network Security: An attacker gaining control over devices running Fortinet solutions could disable critical security features, opening the network to further attacks and exploitation.

  3. Increased Risk of Malware Propagation: Successful exploitation can lead to the deployment of additional malware, potentially making it easier for ransomware groups to infect interconnected systems, resulting in broader implications for organizational operations and data integrity.

Affected Version(s)

FortiOS 7.4.0 through 7.4.4

FortiOS 7.2.0 through 7.2.9

FortiOS 7.0.0 through 7.0.15

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
