Common Weakness Enumeration

CWE-134

Allowed

Use of Externally-Controlled Format String

Abstraction: Base · Status: Draft

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

499 vulnerabilities reference this CWE, most recent first.

CVE-2024-50397 (GCVE-0-2024-50397)

Vulnerability from cvelistv5 – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:44
VLAI
Title
QTS, QuTS hero
Summary
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.2.x , < 5.2.1.2930 build 20241025 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.2.x , < h5.2.1.2929 build 20241025 (custom)
Create a notification for this product.
Credits
Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-22T16:43:14.976588Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T16:44:57.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.1.2930 build 20241025",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.1.2929 build 20241025",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.1.2930 build 20241025 and later\u003cbr\u003eQuTS hero h5.2.1.2929 build 20241025 and later\u003cbr\u003e"
            }
          ],
          "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-135",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-135"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T15:31:34.360Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-43"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.1.2930 build 20241025 and later\u003cbr\u003eQuTS hero h5.2.1.2929 build 20241025 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-43",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-50397",
    "datePublished": "2024-11-22T15:31:34.360Z",
    "dateReserved": "2024-10-24T03:45:32.282Z",
    "dateUpdated": "2024-11-22T16:44:57.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50396 (GCVE-0-2024-50396)

Vulnerability from cvelistv5 – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:44
VLAI
Title
QTS, QuTS hero
Summary
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: ? , < 5.2.1.2930 build 20241025 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.2.x , < h5.2.1.2929 build 20241025 (custom)
Create a notification for this product.
Credits
Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-22T16:43:09.182160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T16:44:57.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.1.2930 build 20241025",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.1.2929 build 20241025",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.1.2930 build 20241025 and later\u003cbr\u003eQuTS hero h5.2.1.2929 build 20241025 and later\u003cbr\u003e"
            }
          ],
          "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-135",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-135"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T15:31:41.184Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-43"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.1.2930 build 20241025 and later\u003cbr\u003eQuTS hero h5.2.1.2929 build 20241025 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-43",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-50396",
    "datePublished": "2024-11-22T15:31:41.184Z",
    "dateReserved": "2024-10-24T03:41:08.490Z",
    "dateUpdated": "2024-11-22T16:44:57.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45330 (GCVE-0-2024-45330)

Vulnerability from cvelistv5 – Published: 2024-10-08 14:19 – Updated: 2024-10-08 16:00
VLAI
Summary
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Escalation of privilege
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.2 , ≤ 7.2.5 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T15:59:58.602194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T16:00:13.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T14:19:03.894Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-196",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-196"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45330",
    "datePublished": "2024-10-08T14:19:03.894Z",
    "dateReserved": "2024-08-27T06:43:07.251Z",
    "dateUpdated": "2024-10-08T16:00:13.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45324 (GCVE-0-2024-45324)

Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2026-02-26 19:09
VLAI
Summary
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPAM Affected: 1.4.0 , ≤ 1.4.2 (semver)
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0 , ≤ 1.1.2 (semver)
Affected: 1.0.0 , ≤ 1.0.3 (semver)
    cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiWeb Affected: 7.6.0
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.2.0 , ≤ 7.2.10 (semver)
Affected: 7.0.0 , ≤ 7.0.10 (semver)
    cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiProxy Affected: 7.6.0
Affected: 7.4.0 , ≤ 7.4.6 (semver)
Affected: 7.2.0 , ≤ 7.2.12 (semver)
Affected: 7.0.0 , ≤ 7.0.19 (semver)
    cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiSRA Affected: 1.4.0 , ≤ 1.4.2 (semver)
    cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.4 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45324",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T04:00:51.960748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:40.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.6",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.19",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSRA",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:30.771Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.3 or above\nUpgrade to upcoming  FortiPAM version 1.3.2 or above\nUpgrade to FortiProxy version 7.6.1 or above\nUpgrade to FortiProxy version 7.4.7 or above\nUpgrade to FortiProxy version 7.2.13 or above\nUpgrade to FortiProxy version 7.0.20 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.10 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiOS version 6.2.17 or above\nUpgrade to upcoming  FortiAuthenticator version 7.0.0 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.6 or above\nUpgrade to FortiWeb version 7.2.11 or above\nUpgrade to FortiWeb version 7.0.11 or above\nFortinet remediated this issue in FortiSASE version 24.4.b1 and hence customers do not need to perform any action.\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiSRA version 1.4.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45324",
    "datePublished": "2025-03-11T14:54:33.810Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2026-02-26T19:09:40.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42330 (GCVE-0-2024-42330)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2025-11-03 22:04
VLAI
Title
JS - Internal strings in HTTP headers
Summary
The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Use of Externally-Controlled Format String
Assigner
Impacted products
Vendor Product Version
Zabbix Zabbix Affected: 6.0.0 , ≤ 6.0.33 (git)
Affected: 6.4.0 , ≤ 6.4.18 (git)
Affected: 7.0.0 , ≤ 7.0.3 (git)
Create a notification for this product.
zabbix frontend Affected: 6.0.0 , ≤ 6.0.33 (git)
Affected: 6.4.0 , ≤ 6.4.18 (git)
Affected: 7.0.0 , ≤ 7.0.3 (git)
    cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-10-30 09:43
Credits
Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "frontend",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.33",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.18",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:23.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:43.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.34rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.33",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.19rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.18",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T09:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
            }
          ],
          "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        },
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:05:47.722Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25626"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Internal strings in HTTP headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42330",
    "datePublished": "2024-11-27T12:05:47.722Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:43.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39529 (GCVE-0-2024-39529)

Vulnerability from cvelistv5 – Published: 2024-07-11 16:03 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash
Summary
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Use of Externally-Controlled Format String
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.4R3-S6 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3-S3 (semver)
Affected: 22.4 , < 22.4R3 (semver)
Affected: 23.2 , < 23.2R2 (semver)
Create a notification for this product.
juniper junos_os Affected: 0 , < 21.4r3-s6 (custom)
Affected: 22.2 , < 22.2r3-s3 (custom)
Affected: 22.3 , < 22.3r3-s3 (custom)
Affected: 22.4 , < 22.4r3 (custom)
Affected: 23.2 , < 23.2r2 (custom)
    cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4r3-s6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r3-s3",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3-s3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.4r3",
                "status": "affected",
                "version": "22.4",
                "versionType": "custom"
              },
              {
                "lessThan": "23.2r2",
                "status": "affected",
                "version": "23.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T18:27:00.817170Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T16:35:49.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA82988"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services security-metadata-streaming policy \u0026lt;name\u0026gt; dns detections dga ]\u003cbr\u003e\n\n[ services security-metadata-streaming policy \u0026lt;name\u0026gt; dns detections tunneling ]\u003c/tt\u003e\n\n\u003cbr\u003e\u003cbr\u003eand DNS traceoptions have to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services dns-filtering traceoptions ... ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:\n\n[ services security-metadata-streaming policy \u003cname\u003e dns detections dga ]\n\n\n[ services security-metadata-streaming policy \u003cname\u003e dns detections tunneling ]\n\n\n\nand DNS traceoptions have to be configured:\n\n[ services dns-filtering traceoptions ... ]"
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econfigured, and specific valid transit DNS traffic is received this causes\u0026nbsp;\u003c/span\u003e\u003c/span\u003ea PFE crash and restart, leading to a Denial of Service.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 21.4R3-S6,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.2 versions before 22.2R3-S3,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.3 versions before 22.3R3-S3,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.4 versions before 22.4R3,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e23.2 versions before 23.2R2.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u00a0Denial-of-Service (DoS).\n\n\n\nIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes\u00a0a PFE crash and restart, leading to a Denial of Service.\n\nThis issue affects Junos OS: \n  *  All versions before 21.4R3-S6,\n  *  22.2 versions before 22.2R3-S3,\n  *  22.3 versions before 22.3R3-S3,\n  *  22.4 versions before 22.4R3,\n  *  23.2 versions before 23.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-11T16:03:26.980Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA82988"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA82988",
        "defect": [
          "1755484"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39529",
    "datePublished": "2024-07-11T16:03:26.980Z",
    "dateReserved": "2024-06-25T15:12:53.240Z",
    "dateUpdated": "2024-08-02T04:26:15.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23914 (GCVE-0-2024-23914)

Vulnerability from cvelistv5 – Published: 2024-05-03 08:15 – Updated: 2024-08-01 23:13
VLAI
Summary
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Use of Externally-Controlled Format String
Assigner
Impacted products
Vendor Product Version
Merative Merge DICOM Toolkit C/C++ Affected: v5.6.0 , ≤ v5.17.0 (semver)
Create a notification for this product.
merative merge_dicom_toolkit_c_c\+\+ Affected: 5.6.0 , ≤ 5.17.0 (semver)
    cpe:2.3:a:merative:merge_dicom_toolkit_c_c\+\+:5.6.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Gabriele Quagliarella of Nozomi Networks found this bug during a security research activity.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:merative:merge_dicom_toolkit_c_c\\+\\+:5.6.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "merge_dicom_toolkit_c_c\\+\\+",
            "vendor": "merative",
            "versions": [
              {
                "lessThanOrEqual": "5.17.0",
                "status": "affected",
                "version": "5.6.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T14:28:49.877832Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:42.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23914"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.merative.com/merge-imaging/dicom-toolkit",
          "defaultStatus": "unaffected",
          "packageName": "Merge DICOM Toolkit C/C++ 64-bit Microsoft Windows",
          "platforms": [
            "Windows"
          ],
          "product": "Merge DICOM Toolkit C/C++",
          "programRoutines": [
            {
              "name": "MC_Open_Association"
            }
          ],
          "vendor": "Merative",
          "versions": [
            {
              "lessThanOrEqual": "v5.17.0",
              "status": "affected",
              "version": "v5.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella of Nozomi Networks found this bug during a security research activity."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.\u003cbr\u003e\u003cbr\u003eWhen MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception."
            }
          ],
          "value": "Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.\n\nWhen MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T08:15:32.389Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23914"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The issue is resolved in Merge DICOM Toolkit 5.18.0 release.\u003cbr\u003e"
            }
          ],
          "value": "The issue is resolved in Merge DICOM Toolkit 5.18.0 release.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability can be exploited by unauthenticated attackers with a privileged position in the network. \u003cbr\u003eAs a temporary solution, until a patch is released, it is highly recommended do not expose the vulnerable component inside an untrusted network."
            }
          ],
          "value": "The vulnerability can be exploited by unauthenticated attackers with a privileged position in the network. \nAs a temporary solution, until a patch is released, it is highly recommended do not expose the vulnerable component inside an untrusted network."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2024-23914",
    "datePublished": "2024-05-03T08:15:32.389Z",
    "dateReserved": "2024-01-23T15:02:55.722Z",
    "dateUpdated": "2024-08-01T23:13:08.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23113 (GCVE-0-2024-23113)

Vulnerability from cvelistv5 – Published: 2024-02-15 13:59 – Updated: 2025-10-21 23:05
VLAI
Summary
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Execute unauthorized code or commands
Assigner
Impacted products
Vendor Product Version
Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Create a notification for this product.
Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Create a notification for this product.
Fortinet FortiPAM Affected: 1.2.0
Affected: 1.1.0 , ≤ 1.1.2 (semver)
Affected: 1.0.0 , ≤ 1.0.3 (semver)
Create a notification for this product.
Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Create a notification for this product.
fortinet fortiswitchmanager Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
    cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
Create a notification for this product.
fortinet fortios Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
    cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*
Create a notification for this product.
fortinet fortiproxy Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
    cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Create a notification for this product.
fortinet fortipam Affected: 1.1.0 , ≤ 1.1.2 (semver)
Affected: 1.0.0 , ≤ 1.0.3 (semver)
Affected: 1.2.0
    cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:51:11.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-24-029",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-24-029"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23113",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T12:58:44.488595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-09T00:00:00.000Z",
            "value": "CVE-2024-23113 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T13:59:25.313Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-24-029",
          "url": "https://fortiguard.com/psirt/FG-IR-24-029"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiPAM version 1.2.1 or above \nPlease upgrade to FortiPAM version 1.1.3 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.16 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-23113",
    "datePublished": "2024-02-15T13:59:25.313Z",
    "dateReserved": "2024-01-11T16:29:07.980Z",
    "dateUpdated": "2025-10-21T23:05:24.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12805 (GCVE-0-2024-12805)

Vulnerability from cvelistv5 – Published: 2025-01-09 07:24 – Updated: 2025-01-17 02:15
VLAI
Summary
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-134 - Use of Externally-Controlled Format String
Assigner
References
Impacted products
Vendor Product Version
SonicWall SonicOS Affected: 6.5.4.15-117n and older versions
Affected: 7.0.1-5161 and older version
Affected: 7.1.2-7019
Affected: 8.0.0-8035
Create a notification for this product.
Date Public
2025-01-08 07:14
Credits
Catalpa of DBappSecurity Co. Ltd.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:54:16.425901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T02:15:26.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 Hardware",
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older version"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Catalpa of DBappSecurity Co. Ltd."
        }
      ],
      "datePublic": "2025-01-08T07:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:24:12.357Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0004",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-12805",
    "datePublished": "2025-01-09T07:24:12.357Z",
    "dateReserved": "2024-12-19T16:36:08.986Z",
    "dateUpdated": "2025-01-17T02:15:26.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9129 (GCVE-0-2024-9129)

Vulnerability from cvelistv5 – Published: 2024-10-22 17:09 – Updated: 2024-10-22 17:56
VLAI
Title
Format String Injection in Zend Server
Summary
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Zend Zend Server Affected: 8.5 , < 9.1 (sem)
Create a notification for this product.
zend zend_server Affected: 8.5 , < 9.1 (semver)
    cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zend_server",
            "vendor": "zend",
            "versions": [
              {
                "lessThan": "9.1",
                "status": "affected",
                "version": "8.5",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:55:29.926971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:56:22.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Zend Server",
          "vendor": "Zend",
          "versions": [
            {
              "lessThan": "9.1",
              "status": "affected",
              "version": "8.5",
              "versionType": "sem"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Zend Server\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 8.5 and prior to\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 9.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e a format string injection was discovered. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003eReported by Dylan Marino\u003cbr\u003e"
            }
          ],
          "value": "In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. \n\nReported by Dylan Marino"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-22T17:26:05.410Z",
        "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
        "shortName": "Perforce"
      },
      "references": [
        {
          "url": "https://portal.perforce.com/s/detail/a91PA000001SYZFYA4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Format String Injection in Zend Server",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
    "assignerShortName": "Perforce",
    "cveId": "CVE-2024-9129",
    "datePublished": "2024-10-22T17:09:04.384Z",
    "dateReserved": "2024-09-23T21:57:10.547Z",
    "dateUpdated": "2024-10-22T17:56:22.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Choose a language that is not subject to this flaw.

Mitigation
Implementation

Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]

Mitigation
Build and Compilation

Run compilers and linkers with high warning levels, since they may detect incorrect usage.

CAPEC-135: Format String Injection

An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.

CAPEC-67: String Format Overflow in syslog()

This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.