CVE-2024-54021

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.001 | KEV: Not Included
Published: 14/01/2025 Updated: 03/02/2025

Vulnerability Summary

HTTP Response Splitting in Fortinet FortiOS Enables Code Execution

Fortinet FortiOS versions 7.2.0 to 7.6.0 and FortiProxy versions 7.2.0 to 7.4.5 are affected by improper neutralization of CRLF sequences in HTTP headers, known as 'HTTP response splitting'. An attacker can use a crafted HTTP header to execute unauthorized code or commands.

Solution

Please upgrade to FortiSASE version 24.3.c or above
Please upgrade to FortiOS version 7.6.1 or above
Please upgrade to FortiOS version 7.4.5 or above
Please upgrade to FortiOS version 7.2.9 or above
Please upgrade to FortiProxy version 7.4.6 or above
Please upgrade to FortiProxy version 7.2.12 or above

Vulnerable Product

fortinet fortios 7.6.0

fortinet fortios 7.4.4

fortinet fortios 7.4.3

fortinet fortios 7.4.2

fortinet fortios 7.4.1

fortinet fortios 7.4.0

fortinet fortios 7.2.8

fortinet fortios 7.2.7

fortinet fortios 7.2.6

fortinet fortios 7.2.5

fortinet fortios 7.2.4

fortinet fortios 7.2.3

fortinet fortios 7.2.2

fortinet fortios 7.2.1

fortinet fortios 7.2.0

fortinet fortios

fortinet fortiproxy