CVE-2024-54021

Summary

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.8affected
FortinetFortiProxy7.4.0 <= 7.4.5affected
FortinetFortiProxy7.2.0 <= 7.2.11affected

Weaknesses

  • CWE-113: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References