CVE-2024-54021

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 14, 2025
CWE ID 113

Summary

CVE-2024-54021 is a vulnerability affecting Fortinet FortiOS 7.2.0 through 7.6.0 and FortiProxy 7.2.0 through 7.4.5. This issue involves an improper handling of CR LF sequences in HTTP headers, also known as 'http response splitting.' Exploitation of this vulnerability allows attackers to execute unauthorized code or commands by injecting crafted HTTP headers into targeted systems. This can result in serious security implications, including potential data breaches and unauthorized system access. Fortinet has released patches to address this vulnerability, and it is recommended that affected organizations apply these patches as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share