CVE-2024-45324 - Use of Externally-Controlled Format String Vulnerability in Fortinet Products Leads to Unauthorized Code Execution

A recent announcement has brought attention to a critical vulnerability that affects multiple Fortinet products, including FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. This vulnerability, known as CVE-2024-45324, is a type of use of externally-controlled format string (CWE-134) vulnerability, which could allow attackers to execute unauthorized code or commands using specially crafted HTTP or HTTPS commands.

This vulnerability impacts the following versions of the various Fortinet products

- FortiOS version 7.4. through 7.4.4, version 7.2. through 7.2.9, version 7.. through 7..15 and before 6.4.15

Exploit Details

An attacker with privileged access could craft specific HTTP or HTTPS commands to exploit this vulnerability and execute unauthorized code or commands on the affected Fortinet products.

Here's a snippet of code demonstrating an example of a vulnerable function in C

#include <stdio.h>

void vulnerable_function(char *user_input) {
    printf(user_input);
}

int main() {
    char buffer[1024];
    fgets(buffer, sizeof(buffer), stdin);
    vulnerable_function(buffer);
    return ;
}

In the above example, the vulnerable_function does not validate the user input format before passing it to the printf() function, making it susceptible to an attacker-controlled format string attack.

Attackers could exploit this vulnerability by sending carefully crafted HTTP or HTTPS commands, potentially compromising the integrity and confidentiality of the targeted systems.

Official References

The Fortinet security advisory, published here, provides detailed information about the vulnerability, affected products, and versions.

Additionally, the CVE record for this vulnerability can be found here, which includes a link to the official CWE documentation for CWE-134: Use of Externally-Controlled Format String.

Remediation

Users of affected Fortinet products are urged to apply the appropriate patches and updates as soon as they become available. These updates will address the vulnerability and provide protection against potential exploitation.

In the meantime, as a temporary measure, it is recommended to restrict access to affected devices strictly to trusted sources and closely monitor their activity for any signs of unauthorized code execution or other suspicious behavior.

It's important for users of Fortinet products to stay informed about the latest updates and security advisories from the company to ensure the security of their infrastructure.

Timeline

Published on: 03/11/2025 15:15:41 UTC