{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45329", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-08-27T06:43:07.250Z", "datePublished": "2025-06-10T16:36:06.068Z", "dateUpdated": "2025-06-10T19:40:21.931Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiPortal", "cpes": ["cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-06-10T16:36:06.068Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T19:30:20.665281Z", "id": "CVE-2024-45329", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T19:40:21.931Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45329", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-10T19:30:20.665281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T19:30:22.309Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiPortal", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274"}], "descriptions": [{"lang": "en", "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-06-10T16:36:06.068Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45329", "state": "PUBLISHED", "dateUpdated": "2025-06-10T19:40:21.931Z", "dateReserved": "2024-08-27T06:43:07.250Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-06-10T16:36:06.068Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9E106C-E997-40D4-B368-1E9554E5A9F7", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA765E03-8943-42BB-AACC-F3C918B8F2EE", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "957DAED4-8BE8-49A8-BEFA-2C419824895A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."}, {"lang": "es", "value": "Una omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en Fortinet FortiPortal versiones 7.4.0, 7.2.0 a 7.2.5 y 7.0.0 a 7.0.8 puede permitir que un atacante autenticado vea informaci\u00f3n no autorizada del dispositivo a trav\u00e9s de la modificaci\u00f3n de la clave en las solicitudes API."}], "id": "CVE-2024-45329", "lastModified": "2025-07-22T21:24:55.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2025-06-10T17:19:25.083", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}