VDB

CISA-2024-26008

CISA-2024-26008 PUBLISHED CVSS 5 MEDIUM

Reported by fortinet · Published October 14, 2025

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C

Affected Products

VendorProductVersions
FortinetFortiProxy7.4.0, 7.2.0, 7.0.0
FortinetFortiPAM1.2.0, 1.1.0, 1.0.0
FortinetFortiOS7.4.0, 7.2.0, 7.0.0
FortinetFortiSwitchManager7.2.0, 7.0.0
FortinetFortiOS7.0.0, 6.2.0, 6.4.0
FortinetFortiPAM1.2.0, 1.1.0, 1.0.0
FortinetFortiProxy7.2.0, 7.2.0, 2.0.0
FortinetFortiSwitchManager7.0.0, 7.2.0, 7.0.0

Timeline

  • Oct 14, 2025 CVE Published
  • Jan 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›