CVE-2024-45326
First published: Tue Jan 14 2025(Updated: )
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiDeceptor | <5.3.3<5.2.1 | |
| Fortinet FortiDeceptor | >=5.0.0<6.0.1 |
Remedy
Please upgrade to FortiDeceptor version 6.1.0 or above Please upgrade to FortiDeceptor version 6.0.1 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-45326?
CVE-2024-45326 has been classified as having a high severity due to its potential impact on access control.
How do I fix CVE-2024-45326?
To fix CVE-2024-45326, upgrade to FortiDeceptor version 6.0.1 or later.
What versions of FortiDeceptor are affected by CVE-2024-45326?
CVE-2024-45326 affects FortiDeceptor versions 5.3.3 and below, as well as 5.2.1 and earlier.
Who is impacted by CVE-2024-45326?
Authenticated users with no privileges on affected FortiDeceptor versions can exploit CVE-2024-45326.
What type of vulnerability is CVE-2024-45326?
CVE-2024-45326 is categorized as an Improper Access Control vulnerability.
- agent/remedy
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/fortinet
- canonical/fortinet fortideceptor
- version/fortinet fortideceptor/5.0.0