CVE-2024-26008

CVSS 5 MEDIUMEPSS 0.4%CWE-754

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C

Affected products

Fortinet · FortiOS Fortinet · FortiPAM Fortinet · FortiProxy Fortinet · FortiSwitchManager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-041