Details of VAR-202504-4202

ID

VAR-202504-4202

CVE

CVE-2024-26013

DESCRIPTION

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device

Trust: 1.0

sources: NVD: CVE-2024-26013

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.2.9	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.2.14	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.0.12	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.2.14	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	7.0.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.16	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.0.12	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.4.15	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.2.10	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.4.15	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.16	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.4.5	Trust: 1.0

sources: NVD: CVE-2024-26013

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2024-26013
value:	HIGH
Trust: 1.0

psirt@fortinet.com:	CVE-2024-26013
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2024-26013

PROBLEMTYPE DATA

problemtype:

CWE-923

Trust: 1.0

sources: NVD: CVE-2024-26013

EXTERNAL IDS

db:

NVD

id:

CVE-2024-26013

Trust: 1.0

sources: NVD: CVE-2024-26013

REFERENCES

url:

https://fortiguard.fortinet.com/psirt/fg-ir-24-046

Trust: 1.0

sources: NVD: CVE-2024-26013

SOURCES

db:

NVD

id:

CVE-2024-26013

LAST UPDATE DATE

2025-07-26T19:34:29.764000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2024-26013

date:

2025-07-25T15:22:20.997

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2024-26013

date:

2025-04-08T14:15:30.863