- Description
- An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- fortiswitchmanager, fortiproxy, fortipam, fortios
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@fortinet.com
- CWE-288
- Hype score
- Not currently trending
⚠️ CVE-2024-26009: Fortinet (CVSS: 7.9)... Serial number enumeration turns into full device takeover via FGFM protocol abuse - classic Fortinet architecture fail ... https://t.co/vhgwdQq3CF #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
20 Apr 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Múltiples vulnerabilidades en productos Fortinet ❗CVE-2025-25256 ❗CVE-2024-26009 ❗CVE-2025-52970 ➡️Más info: https://t.co/jyDzg1wpbv https://t.co/bJyIADpbEE
@CERTpy
18 Aug 2025
127 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 A high-severity authentication bypass (CVE-2024-26009) affects Fortinet systems (FortiOS, FortiProxy, FortiPAM, FortiSwitchManager) managed via FortiManager. Attackers can exploit the FGFM protocol to bypass authentication, requiring the FortiManager’s serial number. https
@IntCyberDigest
14 Aug 2025
145 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-26009 An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15and before 6.2.16, FortiProxy ver… https://t.co/kBdOJYOq8y
@CVEnew
13 Aug 2025
334 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A020C2E-1DDB-4737-92D9-B125FFBE007A",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0D2553-E4E6-454A-80F6-9D014A4710D3",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D14FBA88-C364-4911-BBE8-E289139BF1AF",
"versionEndExcluding": "7.0.16",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF62C95E-AB35-4A8E-84F8-5197E9D33C21",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A077234-F19C-4E87-A7A5-A266B5C903C7",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "133A320C-2C5A-4E9D-A433-6C24F71A5FB0",
"versionEndIncluding": "1.2.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10332526-9457-4D1B-8AC1-60D6F7E749AF",
"versionEndExcluding": "6.2.17",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B481963F-0415-42C8-BB38-C1A8BDF4B9F7",
"versionEndExcluding": "6.4.16",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]