CVE-2024-54021 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-54021

Analyzed

More Info Official Page

Source-psirt@fortinet.com

Published At-14 Jan, 2025 | 14:15

Updated At-08 Aug, 2025 | 16:03

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary	3.1	5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CPE Matches

>>fortiproxy>>Versions from 7.2.0(inclusive) to 7.2.12(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 7.4.0(inclusive) to 7.4.6(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.2.0(inclusive) to 7.2.9(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.4.0(inclusive) to 7.4.5(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>7.6.0

cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-113	Secondary	psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-282	psirt@fortinet.com	Vendor Advisory