Improper access control on the central management appliance

Improper access control on the central management appliance Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-24-285 Final 1 1 2025-01-14T00:00:00 Current version 2025-01-14T00:00:00 2025-01-14T00:00:00 An Improper Access Control vulnerability [CWE-284] in FortiDeceptor may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. None Improper access control None Fortinet is pleased to thank Mister Thomas SAUTIER for reporting this vulnerability under responsible disclosure. FortiDeceptor 6.0.0 FortiDeceptor 5.3.4 FortiDeceptor 5.3.3 FortiDeceptor 5.3.2 FortiDeceptor 5.3.1 FortiDeceptor 5.3.0 FortiDeceptor 5.2.2 FortiDeceptor 5.2.1 FortiDeceptor 5.2.0 FortiDeceptor 5.1.0 FortiDeceptor 5.0.0 Improper access control on the central management appliance CVE-2024-45326 FortiDeceptor-6.0.0 FortiDeceptor-5.3.4 FortiDeceptor-5.3.3 FortiDeceptor-5.3.2 FortiDeceptor-5.3.1 FortiDeceptor-5.3.0 FortiDeceptor-5.2.2 FortiDeceptor-5.2.1 FortiDeceptor-5.2.0 FortiDeceptor-5.1.0 FortiDeceptor-5.0.0 3.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-24-285 Improper access control on the central management appliance Reference>