FKIE_CVE-2024-26013

Vulnerability from fkie_nvd - Published: 2025-04-08 14:15 - Updated: 2025-07-25 15:22
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
References
psirt@fortinet.comhttps://fortiguard.fortinet.com/psirt/FG-IR-24-046Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortianalyzer *
fortinet fortianalyzer *
fortinet fortianalyzer *
fortinet fortianalyzer *
fortinet fortianalyzer *
fortinet fortimanager *
fortinet fortimanager *
fortinet fortimanager *
fortinet fortimanager *
fortinet fortimanager *
fortinet fortios *
fortinet fortios *
fortinet fortios *
fortinet fortiproxy *
fortinet fortiproxy *
fortinet fortiproxy *
fortinet fortivoice *
fortinet fortivoice *
fortinet fortiweb *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B15D54-021D-47E8-969C-7C98230ADCBB",
              "versionEndExcluding": "6.2.14",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F71CF0-4C81-4261-BDA8-30287969D137",
              "versionEndExcluding": "6.4.15",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "235896CC-EBDA-4787-9AC9-80B90E8FA55B",
              "versionEndExcluding": "7.0.12",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F3D28A9-5CFD-4838-9630-D6E09FB63CE1",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF309EFD-1770-44AF-B192-3D9816F792CB",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "398B5E77-7DB2-4223-92A2-E72279878C1F",
              "versionEndExcluding": "6.2.14",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD",
              "versionEndExcluding": "6.4.15",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DC03E9-D1CF-4273-AF2F-5EB3B8E2D54B",
              "versionEndExcluding": "7.0.12",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4763E504-6974-42C5-B912-3E62A9CC312A",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4490512-36ED-4212-9D34-D74739A56E84",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0532A5-31F2-4A92-BF31-6003E28AC948",
              "versionEndExcluding": "7.0.16",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "678EB0FA-2B29-4108-8378-C4803A543193",
              "versionEndExcluding": "7.2.9",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71AD879-997D-4787-A1E9-E4132AC521E2",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD813AFF-5190-48A3-A0F8-F19C4D8EB716",
              "versionEndExcluding": "7.0.16",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFFA2C3-0A23-4884-B751-785BE598DFF3",
              "versionEndExcluding": "7.2.10",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A077234-F19C-4E87-A7A5-A266B5C903C7",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97B8181-C602-4E70-B3EA-CBE1FA62A220",
              "versionEndExcluding": "6.4.9",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F60EE7-4C70-415B-899C-8FCC1D35C156",
              "versionEndExcluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35B6E72-8578-4C35-80CF-66D0B74DAFC4",
              "versionEndExcluding": "7.4.3",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de restricci\u00f3n indebida del canal de comunicaci\u00f3n a los endpoints previstos [CWE-923] en Fortinet FortiOS versi\u00f3n 7.4.0 a 7.4.4, 7.2.0 a 7.2.8, 7.0.0 a 7.0.15, 6.4.0 a 6.4.15 y anteriores a 6.2.16, Fortinet FortiProxy versi\u00f3n 7.4.0 a 7.4.2, 7.2.0 a 7.2.9 y anteriores a 7.0.15, Fortinet FortiManager versi\u00f3n 7.4.0 a 7.4.2, 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.14 y anteriores a 6.2.13, Fortinet FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.2, Las versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.14 y anteriores a 6.2.13, Fortinet FortiVoice versi\u00f3n 7.0.0 a 7.0.2 anteriores a 6.4.8 y Fortinet FortiWeb anterior a 7.4.2 pueden permitir que un atacante no autenticado en una posici\u00f3n intermedia se haga pasar por el dispositivo de administraci\u00f3n (servidor FortiCloud y/o en ciertas condiciones, FortiManager), al interceptar la solicitud de autenticaci\u00f3n FGFM entre el dispositivo de administraci\u00f3n y el dispositivo administrado."
    }
  ],
  "id": "CVE-2024-26013",
  "lastModified": "2025-07-25T15:22:20.997",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-08T14:15:30.863",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-923"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.