CVE-2024-45326

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-285	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-14 14:15

Updated : 2026-02-04 14:16

NVD link : CVE-2024-45326

Mitre link : CVE-2024-45326

CVE.ORG link : CVE-2024-45326

JSON object : View

Products Affected

fortinet

fortideceptor

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2024-45326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-14T14:15:31.183", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiDeceptor versi\u00f3n 6.0.0, versi\u00f3n 5.3.3 y anteriores, versi\u00f3n 5.2.1 y anteriores, versi\u00f3n 5.1.0, versi\u00f3n 5.0.0 puede permitir que un atacante autenticado sin privilegios realice operaciones en el dispositivo de administraci\u00f3n central a trav\u00e9s de solicitudes manipuladas."}], "lastModified": "2026-02-04T14:16:08.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19ED7397-1BD2-4C31-AA38-044A316CDD93", "versionEndExcluding": "6.0.1", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}