Vulnerability Details CVE-2024-45329
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.5%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-45329
-
cpe:2.3:a:fortinet:fortiportal:7.0.0
-
cpe:2.3:a:fortinet:fortiportal:7.0.1
-
cpe:2.3:a:fortinet:fortiportal:7.0.2
-
cpe:2.3:a:fortinet:fortiportal:7.0.3
-
cpe:2.3:a:fortinet:fortiportal:7.0.4
-
cpe:2.3:a:fortinet:fortiportal:7.0.5
-
cpe:2.3:a:fortinet:fortiportal:7.0.6
-
cpe:2.3:a:fortinet:fortiportal:7.0.7
-
cpe:2.3:a:fortinet:fortiportal:7.0.8
-
cpe:2.3:a:fortinet:fortiportal:7.2.0
-
cpe:2.3:a:fortinet:fortiportal:7.2.1
-
cpe:2.3:a:fortinet:fortiportal:7.2.2
-
cpe:2.3:a:fortinet:fortiportal:7.2.4
-
cpe:2.3:a:fortinet:fortiportal:7.2.5
-
cpe:2.3:a:fortinet:fortiportal:7.4.0