{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45326", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-08-27T06:43:07.250Z", "datePublished": "2025-01-14T14:09:55.772Z", "dateUpdated": "2025-01-14T20:53:58.952Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiDeceptor", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "6.0.0", "status": "affected"}, {"versionType": "semver", "version": "5.3.0", "lessThanOrEqual": "5.3.3", "status": "affected"}, {"versionType": "semver", "version": "5.2.0", "lessThanOrEqual": "5.2.1", "status": "affected"}, {"version": "5.1.0", "status": "affected"}, {"version": "5.0.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-01-14T14:09:55.772Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiDeceptor version 6.1.0 or above \nPlease upgrade to FortiDeceptor version 6.0.1 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:14:59.021895Z", "id": "CVE-2024-45326", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T20:53:58.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45326", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-14T15:14:59.021895Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:15:01.050Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiDeceptor", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.3.0", "versionType": "semver", "lessThanOrEqual": "5.3.3"}, {"status": "affected", "version": "5.2.0", "versionType": "semver", "lessThanOrEqual": "5.2.1"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "5.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiDeceptor version 6.1.0 or above \nPlease upgrade to FortiDeceptor version 6.0.1 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"}], "descriptions": [{"lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-01-14T14:09:55.772Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45326", "state": "PUBLISHED", "dateUpdated": "2025-01-14T20:53:58.952Z", "dateReserved": "2024-08-27T06:43:07.250Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-01-14T14:09:55.772Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests."}], "id": "CVE-2024-45326", "lastModified": "2025-01-14T14:15:31.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2025-01-14T14:15:31.183", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}