CVE-2024-26008

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

A

n improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-041	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

Configuration 2 (hide)

cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:fortinet:fortiswitchmanager::::::::
	cpe:2.3:a:fortinet:fortiswitchmanager::::::::

History

15 Oct 2025, 17:39

Type	Values Removed	Values Added
First Time		Fortinet fortiproxy Fortinet fortipam Fortinet fortios Fortinet fortiswitchmanager Fortinet
CPE		cpe:2.3:o:fortinet:fortipam:::::::: cpe:2.3:a:fortinet:fortiswitchmanager:::::::: cpe:2.3:a:fortinet:fortiproxy:::::::: cpe:2.3:o:fortinet:fortios::::::::
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-041 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-041 - Vendor Advisory

14 Oct 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-14 16:15

Updated : 2025-10-15 17:39

NVD link : CVE-2024-26008

Mitre link : CVE-2024-26008

CVE.ORG link : CVE-2024-26008

JSON object : View

Products Affected

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2024-26008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-10-14T16:15:34.783", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-041", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests."}], "lastModified": "2025-10-15T17:39:47.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "849D41D5-DBB6-4E77-B1F0-C71016531127", "versionEndExcluding": "7.2.8", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18427F16-7339-4A9E-9FA4-EC7A2D3EE218", "versionEndExcluding": "1.3.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85405C4E-811B-4773-BD2A-45F709B60A98", "versionEndExcluding": "7.2.10", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A020C2E-1DDB-4737-92D9-B125FFBE007A", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0D2553-E4E6-454A-80F6-9D014A4710D3", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}