CVE-2024-45329
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-07-22

Assigner: Fortinet, Inc.

Description
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-10
Last Modified
2025-07-22
Generated
2026-05-07
AI Q&A
2025-06-10
EPSS Evaluated
2026-05-05
NVD
CVE-2024-45329
EUVD
EUVD-2025-17806
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
fortinet fortiportal From 7.0.0 (inc) to 7.0.9 (exc)
fortinet fortiportal From 7.2.0 (inc) to 7.2.6 (exc)
fortinet fortiportal 7.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an authorization bypass in Fortinet FortiPortal versions 7.4.0, 7.2.0 through 7.2.5, and 7.0.0 through 7.0.8. It allows an authenticated attacker to view device information they are not authorized to access by modifying a user-controlled key in API requests.


How can this vulnerability impact me? :

An attacker who is authenticated can exploit this vulnerability to access unauthorized device information, potentially exposing sensitive data about devices managed by FortiPortal. This could lead to information disclosure risks within your network environment.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart