What is CVE-2024-26008?

A medium-severity vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager may allow unauthenticated attackers to reset connections. Organizations should prioritize patching to mitigate potential risks.

What is the severity of CVE-2024-26008?

CVE-2024-26008 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2024-26008 | Medium Vulnerability in Fortinet FortiOS

An improper check or handling of exceptional conditions vulnerability [CWE-703] exists in multiple Fortinet products, including FortiOS versions 7.4.0 through 7.4.3 and prior to 7.2.7, FortiProxy versions 7.4.0 through 7.4.3 and prior to 7.2.9, FortiPAM before 1.2.0, and FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3. This vulnerability allows an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

The vulnerability has been assigned a CVSS score of 5.3, classifying it as medium severity. The risk to organizations includes potential downtime or disruption of services due to repeated connection resets, which could affect availability.

Currently, there are no known exploits available, and the CVE is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations should remain vigilant as threat actors may look to exploit such vulnerabilities.

Organizations should prioritize patching immediately to mitigate this vulnerability and protect their network infrastructure.

Vulnerability Details

The vulnerability is characterized by an improper check or handling of exceptional conditions, categorized under CWE-703. The affected versions include:

1. FortiOS: 7.4.0 - 7.4.3, before 7.2.7 2. FortiProxy: 7.4.0 - 7.4.3, before 7.2.9 3. FortiPAM: before 1.2.0 4. FortiSwitchManager: 7.2.0 - 7.2.3, 7.0.0 - 7.0.3

The vulnerability was published on October 14, 2025, and its current status is analyzed.

Technical Analysis

The root cause of this vulnerability lies in improper handling of exceptional conditions, which may lead to a state where an attacker can manipulate the fgfm connection. The attack vector is categorized as network-based, requiring no privileges or user interaction, making it easily exploitable.

The attack complexity is low, as attackers can exploit this vulnerability without needing elevated privileges. Additionally, the impact on availability is considered low, as the primary effect is the repeated resetting of connections.

Risk & Impact Analysis

With the vulnerability affecting multiple products, the real-world risk includes potential service disruptions for organizations utilizing Fortinet technologies. The potential blast radius could impact any connected systems relying on these products.

Given the CVSS score of 5.3 and the absence of known exploits, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions are affected by the vulnerability:

1. FortiOS: All versions from 6.2.0 to 7.2.7 and 7.4.0 to 7.4.3 2. FortiProxy: All versions from 1.2.0 to 7.2.9 and 7.4.0 to 7.4.3 3. FortiPAM: All versions before 1.2.0 4. FortiSwitchManager: All versions from 7.0.0 to 7.0.3 and 7.2.0 to 7.2.3

Mitigation & Remediation

Fortinet has released patches for the affected products. Organizations should upgrade to the following versions to remediate the vulnerability:

1. FortiOS: Upgrade to version 7.4.4 or later. 2. FortiProxy: Upgrade to version 7.4.4 or later. 3. FortiPAM: Upgrade to version 1.2.0 or later. 4. FortiSwitchManager: Upgrade to version 7.0.4 or later.

If immediate patching is not feasible, implementing network controls to limit external access can help mitigate the risk.

Organizations should also monitor logs for any unusual activity related to fgfm connections.

Detection Guidance

Detection of potential exploitation attempts may involve monitoring network traffic for repeated fgfm connection resets or unusual patterns of SSL traffic.

Log indicators should include timestamps, source and destination IP addresses, and SSL handshake failures.

AppSecure Threat Intelligence Insight

The vulnerability highlights common weaknesses in handling exceptional conditions across network devices. It emphasizes the need for robust input validation and error handling to thwart potential exploits.

Security teams should adopt a proactive approach by routinely assessing their configurations and updating them based on emerging threats.

For further insights on managing vulnerabilities, organizations can explore resources on vulnerability management programs and penetration testing methodologies to enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-26008: Medium Vulnerability in Fortinet FortiOS