CVE-2024-26009
🟡 Monitor
An authentication bypass in FortiOS allows an unauthenticated attacker to take control of the device.
CVSS
8.1
EPSS
0.1%
Exploit
none
Vendor
fortinet
Source description (NVD)
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.
auth-bypass
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.1 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.1% |
| Published (NVD) | 2025-08-12 19:15:27 UTC |
| Last modified (NVD) | 2026-04-20 09:16:08 UTC |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-042 (psirt@fortinet.com) [Vendor Advisory]