Fortinet Releases Security Advisory for Authentication Bypass Vulnerability

CVE-2024-26009 could allow an unauthenticated attacker to perform full device compromise

Threat ID:: CC-4691
Threat Severity:: Medium
Published:: 13 August 2025 2:30 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2024-26009 could allow an unauthenticated attacker to perform full device compromise

Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS

6.0 all versions
6.2.0 to 6.2.16
6.4.0 to 6.4.15

Fortinet FortiGate

6.0 all versions
6.2.0 to 6.2.16
6.4.0 to 6.4.15

Fortinet FortiProxy

7.0.0 to 7.0.15
7.2.0 to 7.2.8
7.4.0 to 7.4.2

Fortinet FortiSwitch Manager

7.0.0 to 7.0.3
7.2.0 to 7.2.3

Fortinet FortiPAM

1.0 all versions
1.1 all versions
1.2 all versions

Threat details

Introduction

Fortinet has released a security advisory to address a high severity vulnerability affecting the FGFM (FortiGate to FortiManager) protocol in FortiOS (FortiGate), FortiPAM, FortiProxy, and FortiSwitchManager. Devices are only vulnerable if managed by a FortiManager.

CVE-2024-26009 - Weak Authentication — FGFM Protocol - CVSSv3 score: 7.9

Remediation advice

Affected organisations are encouraged to review the Fortinet PSIRT FG-IR-24-042 and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://www.fortiguard.com/psirt/FG-IR-24-042

CVE Vulnerabilities

Status Published

CVE-2024-26009

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.

Last edited: 13 August 2025 2:30 pm