PT-2025-15425 · Fortinet
Published: 2025-04-08 · Updated: 2025-04-22
CVE-2024-26013
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiOS versions 6.2.16 and prior, 6.4.0 through 6.4.15
Fortinet FortiOS versions 7.0.0 through 7.0.15
Fortinet FortiOS versions 7.2.0 through 7.2.8
Fortinet FortiOS versions 7.4.0 through 7.4.4
Fortinet FortiProxy versions 7.0.15 and prior, 7.2.0 through 7.2.9
Fortinet FortiProxy versions 7.4.0 through 7.4.2
Fortinet FortiManager versions 6.2.13 and prior, 6.4.0 through 6.4.14
Fortinet FortiManager versions 7.0.0 through 7.0.11
Fortinet FortiManager versions 7.2.0 through 7.2.4
Fortinet FortiManager versions 7.4.0 through 7.4.2
Fortinet FortiAnalyzer versions 6.2.13 and prior, 6.4.0 through 6.4.14
Fortinet FortiAnalyzer versions 7.0.0 through 7.0.11
Fortinet FortiAnalyzer versions 7.2.0 through 7.2.4
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2
Fortinet FortiVoice versions 6.4.8 and prior, 7.0.0 through 7.0.2
Fortinet FortiWeb version 7.4.2 and prior
Description:
The vulnerability stems from an improper restriction of the communication channel to its intended endpoints. An unauthenticated attacker in a man-in-the-middle position may impersonate the management device (for example, the FortiCloud server or FortiManager) by intercepting the FGFM authentication request exchanged between the management device and the managed device.
Recommendations:
Update each affected product to a version that includes the fix for this issue:
Fortinet FortiOS versions 6.2.16 and prior, 6.4.0 through 6.4.15
Fortinet FortiOS versions 7.0.0 through 7.0.15
Fortinet FortiOS versions 7.2.0 through 7.2.8
Fortinet FortiOS versions 7.4.0 through 7.4.4
Fortinet FortiProxy versions 7.0.15 and prior, 7.2.0 through 7.2.9
Fortinet FortiProxy versions 7.4.0 through 7.4.2
Fortinet FortiManager versions 6.2.13 and prior, 6.4.0 through 6.4.14
Fortinet FortiManager versions 7.0.0 through 7.0.11
Fortinet FortiManager versions 7.2.0 through 7.2.4
Fortinet FortiManager versions 7.4.0 through 7.4.2
Fortinet FortiAnalyzer versions 6.2.13 and prior, 6.4.0 through 6.4.14
Fortinet FortiAnalyzer versions 7.0.0 through 7.0.11
Fortinet FortiAnalyzer versions 7.2.0 through 7.2.4
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2
Fortinet FortiVoice versions 6.4.8 and prior, 7.0.0 through 7.0.2
Fortinet FortiWeb version 7.4.2 and prior