CVE-2024-54021

An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*

History

03 Feb 2025, 22:04

Type Values Removed Values Added
Summary
  • (es) Una neutralización incorrecta de las secuencias crlf en los encabezados http ("división de respuesta http") en Fortinet FortiOS 7.2.0 a 7.6.0, FortiProxy 7.2.0 a 7.4.5 permite a un atacante ejecutar código o comandos no autorizados a través del encabezado HTTP manipulado.
First Time Fortinet fortiproxy
Fortinet
Fortinet fortios
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-282 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-282 - Vendor Advisory
CPE cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
CWE CWE-436

14 Jan 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-02-03 22:04


NVD link : CVE-2024-54021

Mitre link : CVE-2024-54021

CVE.ORG link : CVE-2024-54021


JSON object : View

Products Affected

fortinet

  • fortios
  • fortiproxy
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CWE-436

Interpretation Conflict