A high-severity authentication bypass vulnerability affects multiple Fortinet security products, including FortiOS, FortiProxy, and FortiPAM.
The flaw, tracked as CVE-2024-26009 with a CVSS score of 7.9, lets an unauthenticated attacker seize control of a device managed by FortiManager by abusing the FortiGate-to-FortiManager (FGFM) communication protocol.
Key Takeaways
1. CVE-2024-26009 is an authentication bypass in the FGFM protocol handling of several Fortinet products.
2. A successful attacker gains full administrative control of the managed device; exploitation requires that the device is managed by a FortiManager and that the attacker knows that FortiManager's serial number.
3. Upgrade affected FortiOS, FortiProxy, and FortiPAM installations immediately.
Authentication Bypass Vulnerability
The vulnerability is an authentication bypass using an alternate path or channel, classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
An attacker exploits it by sending crafted FGFM requests to a device that is managed by a FortiManager.
Two conditions must hold: the target device must be under FortiManager management, and the attacker must know that FortiManager's serial number, because the vulnerable FGFM implementation relies on the serial number as a key part of authenticating the manager. A device serial number is not designed to be a secret, so this prerequisite offers weak protection.
FGFM is the protocol FortiGate devices use to communicate with a central FortiManager; the flaw in its authentication allows a party that is not the legitimate manager to issue commands the device would only accept from its manager.
The vulnerability affects legacy versions across multiple product lines: FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, and the FortiOS 6.0 branch.
FortiProxy installations running versions 7.0.0 through 7.0.15, 7.2.0 through 7.2.8, and 7.4.0 through 7.4.2 are also at risk.
The impact is severe: successful exploitation lets the attacker execute unauthorized code or commands on the managed device, which amounts to administrative-level access to a critical piece of network infrastructure.
Security researchers from Fortinet’s internal Product Security team, led by Théo Leleu, discovered this vulnerability during routine security assessments.
| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiOS 6.0 (all), 6.2.0-6.2.16, 6.4.0-6.4.15; FortiProxy 7.0.0-7.0.15, 7.2.0-7.2.8, 7.4.0-7.4.2; FortiPAM 1.0-1.2; FortiSwitchManager 7.0-7.2.3 |
| Impact | Execute unauthorized code or commands; full administrative control of the managed device |
| Exploit Prerequisites | Device managed by a FortiManager, plus knowledge of that FortiManager's serial number |
| CVSS 3.1 Score | 7.9 (High) |
Mitigations
Organizations running affected versions should prioritize patching. Fortinet recommends upgrading FortiOS 6.4 installations to 6.4.16 or later and FortiOS 6.2 installations to 6.2.17 or later.
FortiProxy users should update to 7.0.16, 7.2.9, or 7.4.3, depending on the branch they run.
FortiPAM 1.0, 1.1, and 1.2 receive no patch; installations on those releases must be migrated to a newer release.
Administrators should use Fortinet's upgrade path tool on its documentation portal to confirm a supported upgrade path and minimize service disruption during patching. Until a device is patched, note that exposure through this flaw is limited to devices that are managed by a FortiManager.
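As an added example that is not part of the original article and not a Fortinet tool, the Python script below encodes the affected ranges and fix targets stated above and checks an inventory of product/version pairs against them. It accepts either a bare version string or the Version line from FortiOS's `get system status` output. The branch table is taken from this article's figures; where the article names no fixed release (FortiOS 6.0, FortiPAM 1.x, FortiSwitchManager), the script reports that and recommends migration, which is an assumption to confirm against Fortinet's PSIRT advisory.

```python
"""Inventory check for CVE-2024-26009 (added example, not Fortinet code).

Maps a Fortinet product name plus a version string to the affected ranges and
fix targets listed in the article. Version strings may be bare ("6.4.12") or a
'get system status' line such as "Version: FortiGate-100F v6.4.12,build2060".
"""
import re
from dataclasses import dataclass
from typing import Optional

Version = tuple  # (major, minor, patch)


@dataclass(frozen=True)
class AffectedBranch:
    major: int
    minor: int
    last_affected_patch: Optional[int]  # None: every release of the branch
    fixed_in: Optional[tuple]           # None: no fixed release listed


# Ranges as given in the article. Where the article names no fixed release
# (FortiOS 6.0, FortiPAM 1.x, FortiSwitchManager) fixed_in is None and the
# recommendation is to migrate, as the article states for FortiPAM.
ADVISORY = {
    "FortiOS": (
        AffectedBranch(6, 0, None, None),
        AffectedBranch(6, 2, 16, (6, 2, 17)),
        AffectedBranch(6, 4, 15, (6, 4, 16)),
    ),
    "FortiProxy": (
        AffectedBranch(7, 0, 15, (7, 0, 16)),
        AffectedBranch(7, 2, 8, (7, 2, 9)),
        AffectedBranch(7, 4, 2, (7, 4, 3)),
    ),
    "FortiPAM": (
        AffectedBranch(1, 0, None, None),
        AffectedBranch(1, 1, None, None),
        AffectedBranch(1, 2, None, None),
    ),
    "FortiSwitchManager": (
        AffectedBranch(7, 0, None, None),
        AffectedBranch(7, 2, 3, None),
    ),
}

_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from a bare version or a status line."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(product: str, version_text: str) -> dict:
    """Return status and recommended action for one product/version pair."""
    version = parse_version(version_text)
    result = {"product": product, "version": fmt(version)}
    branches = ADVISORY.get(product)
    if branches is None:
        return {**result, "status": "not listed",
                "action": "product not named in the advisory; verify against the vendor PSIRT page"}
    for b in branches:
        if version[:2] != (b.major, b.minor):
            continue
        affected = b.last_affected_patch is None or version[2] <= b.last_affected_patch
        if not affected:
            return {**result, "status": "fixed", "action": "no action required for this CVE"}
        if b.fixed_in is None:
            return {**result, "status": "affected",
                    "action": "no fixed release listed for this branch; migrate to a supported release"}
        return {**result, "status": "affected", "action": f"upgrade to {fmt(b.fixed_in)} or later"}
    return {**result, "status": "not in an affected branch", "action": "no action required for this CVE"}


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    inventory = [
        ("FortiOS", "Version: FortiGate-100F v6.4.12,build2060,230530 (GA)"),
        ("FortiOS", "6.4.16"),
        ("FortiOS", "7.2.5"),
        ("FortiProxy", "7.2.8"),
        ("FortiPAM", "1.1.2"),
        ("FortiSwitchManager", "7.2.3"),
    ]
    for product, text in inventory:
        r = assess(product, text)
        print(f"{r['product']:<20} {r['version']:<8} {r['status']:<26} {r['action']}")
```

Run it over an export of device versions. A row reported as affected only matters if that device is managed by a FortiManager, which is the prerequisite the advisory names; unmanaged devices on an affected release still warrant the upgrade, but are not exposed through this path.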