CVE-2024-45324 is a use of externally-controlled format string vulnerability (CWE-134) found in multiple Fortinet products, including FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. This vulnerability exists in FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, and versions before 6.4.15, as well as corresponding versions of FortiProxy, FortiPAM, FortiSRA, and FortiWeb. The flaw allows a privileged attacker to execute unauthorized code or commands by sending specially crafted HTTP or HTTPS requests to the affected devices. The root cause is improper handling of format strings that are externally controlled, which can lead to memory corruption and arbitrary code execution. The vulnerability requires the attacker to have high privileges on the device, but does not require user interaction. The CVSS v3.1 base score is 7.0, indicating high severity, with network attack vector, low attack complexity, and full impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the vulnerability is critical due to the widespread use of Fortinet products in enterprise and critical infrastructure environments. The vulnerability could allow attackers to take full control of affected devices, potentially disrupting network security functions and exposing sensitive data.

For European organizations, this vulnerability poses a significant threat to network security infrastructure. Fortinet devices are widely deployed across enterprises, government agencies, and critical infrastructure sectors in Europe for firewalling, VPN, web application security, and privileged access management. Exploitation could lead to unauthorized code execution, allowing attackers to bypass security controls, intercept or manipulate sensitive communications, disrupt availability of security services, and potentially pivot to other internal systems. This could result in data breaches, operational disruptions, and loss of trust. Given the critical role of Fortinet devices in perimeter and internal network defense, successful exploitation could have cascading effects on organizational cybersecurity posture. The lack of known exploits currently provides a window for proactive mitigation, but the high severity and network accessibility mean that European organizations must act swiftly to prevent potential attacks.

Organizations should immediately identify and inventory all affected Fortinet products and versions within their environment. Applying vendor-provided patches or updates as soon as they become available is the most effective mitigation. Until patches are applied, network segmentation should be enforced to limit access to management interfaces of Fortinet devices. Access controls should be tightened to restrict privileged user access and monitor for unusual activity. Employing web application firewalls and intrusion detection/prevention systems to detect and block suspicious HTTP/HTTPS requests targeting Fortinet devices can reduce exploitation risk. Regularly audit device configurations and logs for signs of exploitation attempts. Additionally, organizations should implement multi-factor authentication for administrative access and ensure that devices are not exposed directly to untrusted networks. Coordinating with Fortinet support and subscribing to security advisories will help maintain awareness of updates and emerging threats related to this vulnerability.