CVE-2024-45324: Execute unauthorized code or commands in Fortinet FortiPAM
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2024-45324 is a use of externally-controlled format string vulnerability (CWE-134) in multiple Fortinet products: FortiPAM, FortiOS, FortiProxy, FortiSRA, and FortiWeb. The analysis enumerates the affected versions as FortiOS 6.4.0 to before 6.4.15, 7.0.0 to 7.0.15, 7.2.0 to 7.2.9, and 7.4.0 to 7.4.4; FortiProxy 7.0.0 to before 7.0.19, 7.2.0 to 7.2.12, and 7.4.0 to 7.4.6; FortiPAM 1.0.0 through 1.4.2; FortiSRA 1.3.1 through 1.4.2; and FortiWeb 7.0.0 to before 7.0.10, 7.2.0 to 7.2.10, and 7.4.0 to 7.4.5. Where these ranges differ from the vendor description above (which lists FortiPAM and FortiSRA as 1.4.0 through 1.4.2 and before 1.3.1), treat the vendor description as authoritative. A privileged attacker can execute unauthorized code or commands by sending specially crafted HTTP or HTTPS requests that reach the vulnerable format string; because the attacker controls the format specifiers, the flaw can lead to arbitrary code execution and full control of the affected system. The CVSS v3.1 base score is 7.0 (high): network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No exploitation in the wild had been reported at the time of analysis. The affected products are security and access management appliances widely deployed in enterprise and government environments.
Potential Impact
The impact of CVE-2024-45324 is significant for organizations running affected Fortinet products. Successful exploitation yields unauthorized code execution, compromising system confidentiality, integrity, and availability. Consequences include data breaches, disruption of security controls, unauthorized access to the sensitive credentials that FortiPAM manages, and lateral movement within the network. Given FortiPAM's role in privileged access management, exposure of the credentials it vaults could severely undermine an organization's security posture. The network-based attack vector and the absence of any user-interaction requirement raise the risk of remote exploitation, although the high-privilege requirement means an attacker must already hold an administrative account on the device. Organizations that rely on Fortinet products for perimeter defense, access management, and web application security are particularly exposed, including critical infrastructure operators, financial institutions, and government agencies worldwide.
Mitigation Recommendations
Organizations should immediately identify and inventory all affected Fortinet products and versions in their environment and apply the vendor-supplied patches or updates as soon as they are available. Until patches are deployed, restrict network access to the management interfaces of Fortinet devices to trusted IP addresses only, using network segmentation and firewall rules. Enable detailed logging and alerting for unusual HTTP/HTTPS requests to Fortinet devices, and run intrusion detection/prevention systems (IDS/IPS) with updated signatures to catch exploitation attempts. Because exploitation requires an already-privileged account, conduct regular privileged access reviews, enforce the principle of least privilege, and protect administrator credentials so that a compromised account cannot be turned into a device takeover. Consider deploying web application firewalls (WAFs) to filter malicious input and reduce the attack surface, and maintain a tested incident response plan to address potential exploitation quickly.
Affected Countries
United States, Germany, United Kingdom, France, Japan, Australia, Canada, South Korea, India, Brazil, Netherlands, Singapore, United Arab Emirates
Technical Details
- Data Version: 5.1
- Assigner Short Name: fortinet
- Date Reserved: 2024-08-27T06:43:07.250Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f0c1e29f8a5dbaeac5cdaf
Added to database: 10/16/2025, 9:58:58 AM
Last enriched: 2/26/2026, 11:19:39 PM
Last updated: 3/24/2026, 11:47:22 PM