CVE-2024-45326

An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-285	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*

History

31 Jan 2025, 16:36

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiDeceptor versión 6.0.0, versión 5.3.3 y anteriores, versión 5.2.1 y anteriores, versión 5.1.0, versión 5.0.0 puede permitir que un atacante autenticado sin privilegios realice operaciones en el dispositivo de administración central a través de solicitudes manipuladas.
CWE		NVD-CWE-noinfo
First Time		Fortinet fortideceptor Fortinet
CPE		cpe:2.3:a:fortinet:fortideceptor::::::::
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-285 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-285 - Vendor Advisory

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-01-31 16:36

NVD link : CVE-2024-45326

Mitre link : CVE-2024-45326

CVE.ORG link : CVE-2024-45326

JSON object : View

Products Affected

fortinet

fortideceptor

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2024-45326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-14T14:15:31.183", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiDeceptor versi\u00f3n 6.0.0, versi\u00f3n 5.3.3 y anteriores, versi\u00f3n 5.2.1 y anteriores, versi\u00f3n 5.1.0, versi\u00f3n 5.0.0 puede permitir que un atacante autenticado sin privilegios realice operaciones en el dispositivo de administraci\u00f3n central a trav\u00e9s de solicitudes manipuladas."}], "lastModified": "2025-01-31T16:36:15.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19ED7397-1BD2-4C31-AA38-044A316CDD93", "versionEndExcluding": "6.0.1", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}