PT-2025-32870 · Fortinet · Fortiproxy+2
Published: 2025-08-12 · Updated: 2026-04-20
CVE-2024-26009
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiOS versions 6.4.0 through 6.4.15 and versions prior to 6.2.16
Fortinet FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and versions prior to 7.0.15
Fortinet FortiPAM versions prior to 1.2.0
Description:
An authentication bypass using an alternate path or channel allows an unauthenticated attacker to take control of a managed device via crafted FGFM requests. This is possible if the device is managed by a FortiManager and the attacker knows the FortiManager's serial number.
Recommendations:
Fortinet FortiOS versions 6.4.0 through 6.4.15 and versions prior to 6.2.16: Update to a version after 6.2.16 or a later release.
Fortinet FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and versions prior to 7.0.15: Update to a version after 7.0.15 or a later release.
Fortinet FortiPAM versions prior to 1.2.0: Update to version 1.2.0 or a later release.
Fix
Weakness Enumeration:
Authentication Bypass Using an Alternate Path or Channel
Affected Products:
FortiOS
FortiPAM
FortiProxy