{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-20T11:07:13.923","vulnerabilities":[{"cve":{"id":"CVE-2024-26009","sourceIdentifier":"psirt@fortinet.com","published":"2025-08-12T19:15:27.230","lastModified":"2026-04-20T09:16:08.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] en Fortinet FortiOS versión 6.4.0 a 6.4.15 y anteriores a 6.2.16, FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.8 y anteriores a 7.0.15 y FortiPAM anterior a la versión 1.2.0 permite a un atacante no autenticado tomar el control de un dispositivo administrado a través de solicitudes FGFM manipuladas, si el dispositivo es administrado por un FortiManager y si el atacante conoce el número de serie de ese FortiManager."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.4","matchCriteriaId":"7A020C2E-1DDB-4737-92D9-B125FFBE007A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.4","matchCriteriaId":"EB0D2553-E4E6-454A-80F6-9D014A4710D3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.16","matchCriteriaId":"D14FBA88-C364-4911-BBE8-E289139BF1AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.9","matchCriteriaId":"DF62C95E-AB35-4A8E-84F8-5197E9D33C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.3","matchCriteriaId":"4A077234-F19C-4E87-A7A5-A266B5C903C7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.2.0","matchCriteriaId":"133A320C-2C5A-4E9D-A433-6C24F71A5FB0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.2.17","matchCriteriaId":"10332526-9457-4D1B-8AC1-60D6F7E749AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.16","matchCriteriaId":"B481963F-0415-42C8-BB38-C1A8BDF4B9F7"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-042","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}