CVE-2024-54021
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-54021 is a vulnerability affecting Fortinet FortiOS 7.2.0 through 7.6.0 and FortiProxy 7.2.0 through 7.4.5. This issue involves an improper handling of CR LF sequences in HTTP headers, also known as 'http response splitting.' Exploitation of this vulnerability allows attackers to execute unauthorized code or commands by injecting crafted HTTP headers into targeted systems. This can result in serious security implications, including potential data breaches and unauthorized system access. Fortinet has released patches to address this vulnerability, and it is recommended that affected organizations apply these patches as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.