CVE-2024-26013: 
FortiOS vulnerability analysis and mitigation

A high-severity vulnerability identified as CVE-2024-26013 affects multiple Fortinet products including FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb. The vulnerability is classified as an improper restriction of communication channel to intended endpoints [CWE-923] and was discovered internally by Fortinet's security team. The issue was disclosed on April 8, 2025, with a CVSS v3.1 score of 7.5 (Fortinet PSIRT, SecurityWeek).

The vulnerability allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or FortiManager) by intercepting FGFM authentication requests between the management device and the managed device. The issue affects multiple product versions including FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, among others (NVD, Fortinet PSIRT).

The vulnerability could allow attackers to perform man-in-the-middle attacks and impersonate legitimate management devices, potentially compromising the security of affected systems. This could lead to unauthorized access and control over managed devices, posing a significant risk to network security (SecurityWeek).

Fortinet has released patches for all affected products and versions. Users are advised to upgrade to the following versions: FortiOS to 7.4.5 or above, FortiProxy to 7.4.3 or above, FortiManager to 7.4.3 or above, FortiAnalyzer to 7.4.3 or above, FortiVoice to 7.0.3 or above, and FortiWeb to 7.4.3 or above. Organizations should follow the recommended upgrade path using Fortinet's upgrade tool (Fortinet PSIRT).