PT-2025-41941 · Fortinet · Fortiswitchmanager+3

Published 2025-10-14 · Updated 2025-10-15 · CVE-2024-26008

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.4.0 through 7.4.3 and prior to 7.2.7
FortiProxy versions 7.4.0 through 7.4.3 and prior to 7.2.9
FortiPAM versions prior to 1.2.0
FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3

Description

An improper check or handling of exceptional conditions exists in the fgfm daemon. An unauthenticated attacker can repeatedly reset the fgfm connection by sending crafted SSL encrypted TCP requests.

Recommendations

Update FortiOS to version 7.2.7 or later.
Update FortiProxy to version 7.2.9 or later.
Update FortiPAM to version 1.2.0 or later.
Update FortiSwitchManager to a version later than 7.2.3 or 7.0.3.

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2024-26008

Affected Products

Fortios
Fortipam
Fortiproxy
Fortiswitchmanager