CVE-2024-45326

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-285	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*

History

04 Feb 2026, 14:16

Type	Values Removed	Values Added
Summary	(en) An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.	(en) An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

31 Jan 2025, 16:36

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiDeceptor versión 6.0.0, versión 5.3.3 y anteriores, versión 5.2.1 y anteriores, versión 5.1.0, versión 5.0.0 puede permitir que un atacante autenticado sin privilegios realice operaciones en el dispositivo de administración central a través de solicitudes manipuladas.
First Time		Fortinet Fortinet fortideceptor
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-285 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-285 - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:fortinet:fortideceptor::::::::

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2026-02-04 14:16

NVD link : CVE-2024-45326

Mitre link : CVE-2024-45326

CVE.ORG link : CVE-2024-45326

JSON object : View

Products Affected

fortinet

fortideceptor

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

4.3 /10