Main Vulnerability Database Vulnerabilities #VU107377

Improper access control in FortiDeceptor - CVE-2024-45326

Published: April 11, 2025

Vulnerability identifier: #VU107377

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-45326

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiDeceptor

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper access control on the central management appliance. An authenticated attacker with none privileges can perform operations on the central management appliance via crafted requests. .

How to mitigate CVE-2024-45326

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-285

Improper access control in FortiDeceptor - CVE-2024-45326

Detailed vulnerability description

How to mitigate CVE-2024-45326

Sources

Please verify you're human