How severe is CVE-2024-45324?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-45324?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2024-45324

HIGH Year: 2024

CVSS v3 Score

7.2

High

Weakness Type

CWE-134

View all →

Vulnerability Description

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

CVE-2018-12590

HIGH

CVSS:7.2(High)

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privileg...

CWE-1342018

CVE-2023-35086

HIGH

CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function...

CWE-1342023

CVE-2023-39238

HIGH

CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with...

CWE-1342023

CVE-2023-39239

HIGH

CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote...

CWE-1342023

CVE-2023-39240

HIGH

CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi mo...

CWE-1342023

CVE-2023-45583

HIGH

CVSS:7.2(High)

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM version...

CWE-1342023

CVE-2024-45324

Vulnerability Description

Related Vulnerabilities

CVE-2018-12590

CVE-2023-35086

CVE-2023-39238

CVE-2023-39239

CVE-2023-39240

CVE-2023-45583