CVE-2024-45326

Summary

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiDeceptor6.0.0affected
FortinetFortiDeceptor5.3.0 <= 5.3.4affected
FortinetFortiDeceptor5.2.0 <= 5.2.2affected
FortinetFortiDeceptor5.1.0affected
FortinetFortiDeceptor5.0.0affected

Weaknesses

  • CWE-284: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References