CVE-2024-45324 – A format string vulnerability in multiple Forti... (How to Fix)

Q: How do I fix CVE-2024-45324?

1. Access Fortinet support portal. 2. Download appropriate firmware update for your product/version. 3. Backup configuration. 4. Apply firmware update via web GUI or CLI. 5. Verify successful update and functionality.

Q: What is the severity of CVE-2024-45324?

CVE-2024-45324 has a CVSS score of 7.2 (HIGH). A format string vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code via crafted HTTP/HTTPS requests. This affects FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb across multiple versions. Attackers with administrative access can potentially gain full system control.

📋 TL;DR

A format string vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code via crafted HTTP/HTTPS requests. This affects FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb across multiple versions. Attackers with administrative access can potentially gain full system control.

💻 Affected Systems

Products:

FortiOS
FortiProxy
FortiPAM
FortiSRA
FortiWeb

Versions: FortiOS: 7.4.0-7.4.4, 7.2.0-7.2.9, 7.0.0-7.0.15, <6.4.15; FortiProxy: 7.4.0-7.4.6, 7.2.0-7.2.12, <7.0.19; FortiPAM: 1.4.0-1.4.2, <1.3.1; FortiSRA: 1.4.0-1.4.2, <1.3.1; FortiWeb: 7.4.0-7.4.5, 7.2.0-7.2.10, <7.0.10

Operating Systems: Fortinet proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires privileged attacker access; affects administrative interfaces handling HTTP/HTTPS commands.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data exfiltration, lateral movement, and persistent backdoor installation across the network.

🟠

Likely Case

Privileged attacker gains remote code execution, potentially compromising the affected device and adjacent systems.

🟢

If Mitigated

Limited to authenticated administrative users only, reducing attack surface but still dangerous if credentials are compromised.

🌐 Internet-Facing: HIGH if administrative interfaces are exposed to the internet, as attackers could exploit this remotely.

🏢 Internal Only: MEDIUM for internal administrative users, requiring privileged access but posing significant risk if credentials are compromised.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires administrative credentials; exploitation involves crafting specific HTTP/HTTPS requests with malicious format strings.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS: 7.4.5+, 7.2.10+, 7.0.16+, 6.4.15+; FortiProxy: 7.4.7+, 7.2.13+, 7.0.19+; FortiPAM: 1.4.3+, 1.3.1+; FortiSRA: 1.4.3+, 1.3.1+; FortiWeb: 7.4.6+, 7.2.11+, 7.0.10+

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-325

Restart Required: No

Instructions:

1. Access Fortinet support portal. 2. Download appropriate firmware update for your product/version. 3. Backup configuration. 4. Apply firmware update via web GUI or CLI. 5. Verify successful update and functionality.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative interface access to trusted IP addresses only using firewall rules or access control lists.

config system interface
edit <interface_name>
set allowaccess https ssh
set trust-ip-1 <trusted_ip>
end

Enable Multi-Factor Authentication

all

Implement MFA for administrative accounts to reduce risk of credential compromise.

config user local
edit <admin_user>
set two-factor email/fortitoken
end

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from critical systems.
Monitor administrative access logs for suspicious activity and implement alerting for unusual login patterns.

🔍 How to Verify

Check if Vulnerable:

Check current firmware version via CLI: 'get system status' or web GUI: System > Dashboard. Compare against affected versions list.

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify firmware version is patched: 'get system status' should show version equal to or higher than patched versions listed in advisory.

📡 Detection & Monitoring

Log Indicators:

Unusual administrative login attempts
HTTP/HTTPS requests with unusual format strings in administrative interfaces
Unexpected process execution or configuration changes

Network Indicators:

Unusual traffic patterns to administrative interfaces
HTTP requests with crafted format string payloads

SIEM Query:

source="fortinet" AND (event_type="admin_login" OR http_request CONTAINS "%n" OR "%s" OR "%x")

📊 Metadata

CVE ID: CVE-2024-45324

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-134

EPSS Score: 0.1% exploit probability (27.2th percentile)

Published: March 11, 2025

Last Updated: July 24, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-325 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45324, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortipam by Fortinet

Fortipam by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortisra by Fortinet

Fortiweb by Fortinet

Fortiweb by Fortinet

Fortiweb by Fortinet

Fortiweb by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Administrative Access

Enable Multi-Factor Authentication

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities