CVE-2024-26008 — Improper Check for Unusual or Exceptional Conditions in Fortinet Fortios

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 77.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortipam Fortinet Fortiproxy +1 more

Timeline

PublishedOct 14

Description

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

▶NVDfortinet/fortios6.2.0 — 7.2.8+1

▶NVDfortinet/fortipam1.0.0 — 1.3.0

▶NVDfortinet/fortiproxy1.2.0 — 7.2.10+1

▶NVDfortinet/fortiswitchmanager7.0.0 — 7.0.4+1

▶CVEListV5fortinet/fortios7.4.0 — 7.4.3+4

🔴Vulnerability Details

GHSA

GHSA-qh97-826g-4v22: An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7↗2025-10-14

▶

CVEList

CVE-2024-26008: An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7↗2025-10-14

▶

📋Vendor Advisories

Fortinet

FGFM protocol allows unauthenticated reset of the connection↗2025-10-14

▶