CVE-2024-26008

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-041	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

Configuration 2 (hide)

cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:fortinet:fortiswitchmanager::::::::
	cpe:2.3:a:fortinet:fortiswitchmanager::::::::

History

15 Oct 2025, 17:39

Type	Values Removed	Values Added
First Time		Fortinet fortios Fortinet fortipam Fortinet fortiswitchmanager Fortinet fortiproxy Fortinet
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-041 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-041 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:fortiproxy:::::::: cpe:2.3:o:fortinet:fortipam:::::::: cpe:2.3:a:fortinet:fortiswitchmanager:::::::: cpe:2.3:o:fortinet:fortios::::::::

14 Oct 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-14 16:15

Updated : 2025-10-15 17:39

NVD link : CVE-2024-26008

Mitre link : CVE-2024-26008

CVE.ORG link : CVE-2024-26008

JSON object : View

Products Affected

fortinet

fortios
fortipam
fortiswitchmanager
fortiproxy

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2024-26008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-10-14T16:15:34.783", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-041", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests."}], "lastModified": "2025-10-15T17:39:47.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849D41D5-DBB6-4E77-B1F0-C71016531127", "versionEndExcluding": "7.2.8", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18427F16-7339-4A9E-9FA4-EC7A2D3EE218", "versionEndExcluding": "1.3.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85405C4E-811B-4773-BD2A-45F709B60A98", "versionEndExcluding": "7.2.10", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A020C2E-1DDB-4737-92D9-B125FFBE007A", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0D2553-E4E6-454A-80F6-9D014A4710D3", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}