CVE-2024-26008
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-15
Assigner: Fortinet, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortipam | From 1.0.0 (inc) to 1.3.0 (exc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortiswitchmanager | From 7.2.0 (inc) to 7.2.7 (inc) |
| fortinet | fortiswitchmanager | From 7.2.0 (inc) to 7.2.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper check or handling of exceptional conditions (CWE-703) in certain Fortinet products' fgfm daemon. It affects FortiOS versions 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy versions 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0, and FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3. An unauthenticated attacker can exploit this by sending crafted SSL encrypted TCP requests to repeatedly reset the fgfm connection.
How can this vulnerability impact me? :
The vulnerability allows an unauthenticated attacker to repeatedly reset the fgfm connection, which can lead to denial of service or disruption of normal communication between Fortinet devices and management systems. This can impact availability but does not affect confidentiality or integrity.