FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A high-severity authentication bypass vulnerability affecting multiple Fortinet security products, including FortiOS, Fo<\/a>r<\/a>tiProxy<\/a>, and FortiPAM systems.\u00a0<\/p>\n The flaw, designated as CVE-2024-26009 with a CVSS score of 7.9, enables unauthenticated attackers to seize complete control of managed devices through exploitation of the FortiGate-to-FortiManager (FGFM) communication protocol.<\/p>\n The vulnerability stems from an authentication bypass<\/a> using an alternate path or channel, classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel).\u00a0<\/p>\n Attackers can exploit this weakness by crafting malicious FGFM requests to target devices managed by FortiManager systems.\u00a0<\/p>\n The critical prerequisite for successful exploitation is the attacker\u2019s knowledge of the target FortiManager\u2019s serial number, which serves as a key authentication component in the compromised protocol implementation.<\/p>\n The FGFM protocol, designed for secure communication between FortiGate devices and central management systems, contains a fundamental authentication flaw that allows unauthorized command execution.\u00a0<\/p>\n This vulnerability affects legacy versions across multiple product lines, with FortiOS versions 6.0 through 6.4.15 and 6.2.0 through 6.2.16 being particularly vulnerable.\u00a0<\/p>\n FortiProxy installations running versions 7.0.0 through 7.0.15, 7.2.0 through 7.2.8, and 7.4.0 through 7.4.2 are also at risk.<\/p>\n The potential impact is severe, as successful exploitation grants attackers the ability to execute unauthorized code or commands on compromised systems, effectively providing administrative-level access to critical network infrastructure components.<\/p>\n Security researchers from Fortinet\u2019s internal Product Security team, led by Th\u00e9o Leleu, discovered this vulnerability<\/a> during routine security assessments.\u00a0<\/p>\n Organizations using affected versions must prioritize immediate patching. Fortinet recommends upgrading FortiOS 6.4 installations to version 6.4.16 or higher, while FortiOS 6.2 users should upgrade to 6.2.17 or above.<\/p>\n \u00a0FortiProxy users must update to versions 7.0.16, 7.2.9, or 7.4.3, depending on their current installation.\u00a0<\/p>\n Legacy FortiPAM versions 1.0, 1.1, and 1.2 require complete migration to newer releases, as patches are not available for these obsolete versions.<\/p>\n Network administrators should utilize Fortinet\u2019s upgrade tool available at their documentation portal to ensure proper upgrade paths and minimize potential service disruptions during the patching process.<\/p>\n The post FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Takeaways<\/mark><\/strong>
1. CVE-2024-26009 allows authentication bypass in Fortinet products.
2. Attackers gain complete administrative access to managed devices.
3. Upgrade affected FortiOS, FortiProxy, and FortiPAM versions immediately.<\/pre>\nAuthentication Bypass Vulnerability<\/strong><\/h2>\n
\n\n
\n Risk Factors<\/strong><\/td>\n Details<\/strong><\/td>\n<\/tr>\n \n Affected Products<\/td>\n FortiOS 6.0-6.4.15, FortiProxy 7.0-7.4.2, FortiPAM 1.0-1.2, FortiSwitchManager 7.0-7.2.3<\/td>\n<\/tr>\n \n Impact<\/td>\n Execute unauthorized code or commands, full administrative control<\/td>\n<\/tr>\n \n Exploit Prerequisites<\/td>\n Device managed by FortiManager + Knowledge of FortiManager\u2019s serial number<\/td>\n<\/tr>\n \n CVSS 3.1 Score<\/td>\n 7.9 (High Severity)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n Mitigations<\/strong><\/h2>\n
Boost\u00a0your\u00a0SOC and help your team protect your business with free top-notch threat intelligence:\u00a0Request TI Lookup Premium Trial<\/a>.<\/code><\/strong><\/p>\n