Improper Communication Channel Restriction in Fortinet FortiOS and Related Products
CVE-2024-26013

7.1HIGH

Key Information:

Vendor

Fortinet
Status
Fortiproxy
Fortimanager
FortiOS
Vendor
CVE Published:
8 April 2025

What is CVE-2024-26013?

An improper restriction of communication channel vulnerability in Fortinet products allows unauthenticated attackers positioned in a man-in-the-middle role to impersonate vital management devices, such as FortiCloud or FortiManager, by intercepting FGFM authentication requests between managed and management devices. This flaw affects multiple versions of FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb, potentially leading to unauthorized access and control over network configurations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiManager 7.4.0 <= 7.4.2

FortiManager 7.2.0 <= 7.2.4

FortiManager 7.0.0 <= 7.0.11

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-046

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.