#VU107377 Improper access control in FortiDeceptor - CVE-2024-45326
Published: April 11, 2025
Vulnerability identifier: #VU107377
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-45326
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FortiDeceptor
FortiDeceptor
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper access control on the central management appliance. An authenticated attacker with none privileges can perform operations on the central management appliance via crafted requests. .
Remediation
Install update from vendor's website.