PT-2024-4150 · Fortinet · FortiSwitchManager +5

Published

2024-06-11

·

Updated

2024-12-11

·

CVE-2024-26010

CVSS v2.0

7.6

High

Vector AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiPAM versions 1.0.0 through 1.1.2
FortiPAM version 1.2.0
FortiWeb (affected versions not specified)
FortiAuthenticator (affected versions not specified)
FortiSwitchManager versions 7.0.1 through 7.2.3
FortiOS versions 6.0.0 through 7.4.3
FortiProxy versions 1.0.0 through 7.4.2
Description A stack-based buffer overflow in the fgfmd daemon (the service that implements the FortiGate-to-FortiManager protocol) of the Fortinet products listed above. A remote, unauthenticated attacker who can reach the daemon over the network can exploit it with specially crafted packets to execute arbitrary code or commands on the device. The underlying weakness is a write beyond the bounds of a fixed-size buffer on the stack.
Recommendations For FortiPAM versions 1.0.0 through 1.1.2 and version 1.2.0, FortiOS versions 6.0.0 through 7.4.3, and FortiProxy versions 1.0.0 through 7.4.2, update to a version outside the affected range. For FortiWeb, FortiAuthenticator and FortiSwitchManager (versions 7.0.1 through 7.2.3), restrict network access to the fgfmd daemon until a patch is available. As a temporary workaround on any affected product, disable the fgfmd daemon until it can be patched. Note that fgfmd is the channel FortiManager uses to manage the device: disabling it suspends central management, and restricting it means allowing only the FortiManager's own address(es) to reach the service on every interface where it is enabled, not only the internet-facing one.
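Two checks a practitioner would run against this advisory: whether an inventoried product version falls inside one of the affected spans, and whether the fgfmd service is still reachable from a network it should not be. The script below is an added example, not code from this page or from Fortinet. It takes the version spans exactly as printed on this page (a single inclusive "first through last" span per product; the vendor advisory remains the authority for which point releases within each branch are fixed) and assumes that fgfmd is reached over TCP port 541, the port used by the FGFM protocol. The inventory at the bottom is constructed sample data.

```python
import socket
from typing import Optional

# Affected version spans as printed on this page (inclusive "first through last").
# FortiWeb and FortiAuthenticator have no span on the page, so they are recorded
# as None and reported as "unknown" rather than guessed.
AFFECTED = {
    "FortiPAM": [("1.0.0", "1.1.2"), ("1.2.0", "1.2.0")],
    "FortiSwitchManager": [("7.0.1", "7.2.3")],
    "FortiOS": [("6.0.0", "7.4.3")],
    "FortiProxy": [("1.0.0", "7.4.2")],
    "FortiWeb": None,
    "FortiAuthenticator": None,
}

# Assumption: fgfmd serves the FGFM (FortiGate-to-FortiManager) protocol on TCP/541.
FGFM_PORT = 541


def parse_version(text: str) -> tuple:
    """'7.4.3' -> (7, 4, 3). Missing trailing components are padded with 0 so
    '7.4' compares equal to '7.4.0'; anything after the first whitespace (e.g.
    a build tag) is ignored."""
    parts = [int(p) for p in text.strip().split()[0].split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(product: str, version: str) -> Optional[bool]:
    """True/False when the page gives a span for the product, None when it does not.
    Raises KeyError for a product the page does not list at all."""
    if product not in AFFECTED:
        raise KeyError(f"{product} is not listed in this advisory")
    spans = AFFECTED[product]
    if spans is None:
        return None
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in spans)


def fgfm_port_open(host: str, port: int = FGFM_PORT, timeout: float = 3.0) -> bool:
    """TCP connect probe. Run it from a segment that should NOT be able to manage the
    device; True means fgfmd is still reachable from there and the 'restrict access'
    workaround is not in effect. Any socket error (refused, unreachable, no network)
    counts as not open."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(inventory: list) -> list:
    """Return (product, version, status) for each constructed inventory entry."""
    out = []
    for product, version in inventory:
        hit = is_affected(product, version)
        status = "UNKNOWN (no range on page)" if hit is None else ("AFFECTED" if hit else "not in range")
        out.append((product, version, status))
    return out


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("FortiOS", "7.4.3"),
        ("FortiOS", "7.4.4"),
        ("FortiProxy", "2.0.0 build0050"),
        ("FortiPAM", "1.1.3"),
        ("FortiWeb", "7.4.0"),
    ]
    for row in assess(sample):
        print("%-20s %-18s %s" % row)
    # Probe loopback only as a self-test; point this at a device from an untrusted segment.
    print("fgfmd reachable on 127.0.0.1:541 ->", fgfm_port_open("127.0.0.1", timeout=1.0))
```

A True result from fgfm_port_open on a device proves only that something accepts on TCP/541 from the probing host; it does not prove the version is exploitable, and a False result from the wrong vantage point (for example from the FortiManager's own subnet) proves nothing about exposure elsewhere.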

Fix

Weakness Enumeration

Memory Corruption

Stack Overflow

Related Identifiers

BDU:2024-04629
CVE-2024-26010

Affected Products

FortiAuthenticator
FortiOS
FortiPAM
FortiProxy
FortiSwitchManager
FortiWeb