CVE-2024-54021: File-Filter Bypass in Explicit Web Proxy Policy
First published: Tue Jan 14 2025(Updated: )
An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | =. | |
| Fortinet FortiOS IPS Engine | >=7.4.0<=7.4.4 | |
| Fortinet FortiOS IPS Engine | >=7.2.0<=7.2.8 | |
| Fortinet FortiProxy | >=7.4.0<=7.4.5 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.11 | |
| Fortinet FortiProxy | >=7.2.0<7.2.12 | |
| Fortinet FortiProxy | >=7.4.0<7.4.6 | |
| Fortinet FortiOS IPS Engine | >=7.2.0<7.2.9 | |
| Fortinet FortiOS IPS Engine | >=7.4.0<7.4.5 | |
| Fortinet FortiOS IPS Engine | =7.6.0 |
Remedy
Please upgrade to FortiSASE version 24.3.c or above Please upgrade to FortiOS version 7.6.1 or above Please upgrade to FortiOS version 7.4.5 or above Please upgrade to FortiOS version 7.2.9 or above Please upgrade to FortiProxy version 7.4.6 or above Please upgrade to FortiProxy version 7.2.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-54021?
CVE-2024-54021 is classified as a high severity vulnerability due to its potential to allow unauthorized code execution.
How do I fix CVE-2024-54021?
To remediate CVE-2024-54021, update FortiOS to version 7.6.1 or later, or FortiProxy to version 7.4.6 or later depending on your specific installation.
What systems are affected by CVE-2024-54021?
CVE-2024-54021 affects Fortinet FortiOS versions 7.2.0 through 7.6.0 and FortiProxy versions 7.2.0 through 7.4.5.
What does CVE-2024-54021 exploit involve?
CVE-2024-54021 exploits improper neutralization of CRLF sequences in HTTP headers, enabling HTTP response splitting.
Can CVE-2024-54021 lead to data breaches?
Yes, CVE-2024-54021 could potentially lead to data breaches by allowing attackers to execute unauthorized commands through crafted HTTP headers.
- agent/remedy
- agent/type
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2024-54021
- agent/first-publish-date
- agent/title
- agent/references
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/fortinet
- canonical/fortinet fortios ips engine
- version/fortinet fortios ips engine/.
- version/fortinet fortios ips engine/7.4.0
- version/fortinet fortios ips engine/7.4.4
- version/fortinet fortios ips engine/7.2.0
- version/fortinet fortios ips engine/7.2.8
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/7.4.0
- version/fortinet fortiproxy/7.4.5
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.11
- version/fortinet fortios ips engine/7.6.0