Improper access control in FortiDeceptor
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-45326 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FortiDeceptor Client/Desktop applications / Other client software |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper access control
EUVDB-ID: #VU107377
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45326
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper access control on the central management appliance. An authenticated attacker with none privileges can perform operations on the central management appliance via crafted requests. .
MitigationInstall update from vendor's website.
Vulnerable software versionsFortiDeceptor: 5.0.0 - 6.0.0
CPE2.3- cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*
https://www.fortiguard.com/psirt/FG-IR-24-285
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
