CVE-2024-26008

MEDIUM

Fortinet FortiOS < 7.2.8 - Improper Condition Check

Title source: rule

Description

An improper check or handling of exceptional conditions vulnerability [CWE-703] in the fgfm daemon of FortiOS versions 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy versions 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0, and FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3 may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL-encrypted TCP requests.

Scores

CVSS v3 5.3
EPSS 0.0008
EPSS Percentile 22.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (4)
fortinet/fortios 6.2.0 - 7.2.8
fortinet/fortipam 1.0.0 - 1.3.0
fortinet/fortiproxy 1.2.0 - 7.2.10
fortinet/fortiswitchmanager 7.0.0 - 7.0.4
Published Oct 14, 2025
Tracked Since Feb 18, 2026