CVE-2024-26008

Summary

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.3affected
FortinetFortiProxy7.2.0 <= 7.2.9affected
FortinetFortiProxy7.0.0 <= 7.0.22affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiOS7.4.0 <= 7.4.3affected
FortinetFortiOS7.2.0 <= 7.2.7affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiOS6.2.0 <= 6.2.17affected
FortinetFortiSwitchManager7.2.0 <= 7.2.3affected
FortinetFortiSwitchManager7.0.0 <= 7.0.3affected

Weaknesses

  • CWE-754: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References