VYPR
Unrated severity · NVD Advisory · Published Apr 8, 2025 · Updated Feb 26, 2026

CVE-2024-26013

Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.

Affected products

6
  • cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* (range: 7.4.0)
    • (no CPE) range: 7.4.0-7.4.4 does not apply here; range: 7.4.0-7.4.2; 7.2.0-7.2.4; 7.0.0-7.0.11; 6.4.0-6.4.14; <6.2.13
  • Fortinet/Fortios · v5 · 2 versions
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* (range: 7.4.0)
    • (no CPE) range: 7.4.0-7.4.4; 7.2.0-7.2.8; 7.0.0-7.0.15; 6.4.0-6.4.15; <6.2.16
  • Fortinet/Fortiproxy · llm-fuzzy · 2 versions
    7.4.0-7.4.2; 7.2.0-7.2.9; <7.0.15 (+ 1 more)
    • (no CPE) range: 7.4.0-7.4.2; 7.2.0-7.2.9; <7.0.15
    • (no CPE) range: 7.4.0
