CyberWatch

Important: Fortinet Vulnerabilities Affecting FortiOS Devices

Written by Kyocera Document Solutions ANZ | Mar 12, 2025 10:00:00 PM

We are reaching out to inform you about a recently discovered vulnerability affecting Fortinet FortiOS products, including firewalls and other network hardware. To better understand the critical role firewalls play in protecting business environments, we encourage you to read our latest blog post here.

This vulnerability has been classified as high in severity, though it stems from a previous FortiOS update. If you have already applied the updates as per our previous communication, you may already be protected against this issue. However, Huon IT strongly recommends that you ensure your hardware is running the latest patched version to maintain optimal security.

 

Current Vulnerability:

CVE-2024-45324: A use of externally-controlled format string vulnerability [CWE-134] in FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb may allow a privileged attacker to execute unauthorized commands or code via specially crafted HTTP or HTTPS requests.

For more detailed information on this vulnerability, please refer to the official Fortinet notification here: Fortinet Notification

 

Below is a table listing the patched FortiOS versions:

These vulnerabilities impact most FortiGate devices running FortiOS, including FortiGates, FortiSwitches, FortiAPs, and more.

For a full list of the vulnerabilities, you can visit the FortiGuard website here: FortiGuard Vulnerabilities.