CVE-2024-26009

EUVD-2024-23305

12.08.2025, 19:15

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortiswitchmanager	7.0.0 ≤ 𝑥 < 7.0.4
fortinet	fortiswitchmanager	7.2.0 ≤ 𝑥 < 7.2.4
fortinet	fortiproxy	7.0.0 ≤ 𝑥 < 7.0.16
fortinet	fortiproxy	7.2.0 ≤ 𝑥 < 7.2.9
fortinet	fortiproxy	7.4.0 ≤ 𝑥 < 7.4.3
fortinet	fortipam	1.0.0 ≤ 𝑥 ≤ 1.2.0
fortinet	fortios	6.0.0 ≤ 𝑥 < 6.2.17
fortinet	fortios	6.4.0 ≤ 𝑥 < 6.4.16

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-042