Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2024-54021

An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.

  • Published: Jan 14, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2024-54021
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
fortinet / fortios 7.2.0 7.2.9
fortinet / fortios 7.6.0 7.6.0.x
fortinet / fortios 7.4.0 7.4.5
fortinet / fortiproxy 7.4.0 7.4.6
fortinet / fortiproxy 7.2.0 7.2.12