{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-26013","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2024-02-14T09:18:43.246Z","datePublished":"2025-04-08T14:03:49.230Z","dateUpdated":"2026-02-26T18:28:40.136Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","cpes":[],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.2","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.9","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.15","status":"affected"},{"versionType":"semver","version":"2.0.0","lessThanOrEqual":"2.0.14","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.2","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.4","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.11","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.14","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.13","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","cpes":["cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.3","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.7","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.14","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.15","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.16","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-04-08T14:03:49.230Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-923","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.2.17 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.3 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSASE version 23.1 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.14 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.12 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above \nPlease upgrade to FortiAnalyzer version 6.2.14 or above \nPlease upgrade to FortiGate Cloud version 24.5 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-046","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-046"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26013","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-04-09T04:00:43.225373Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:28:40.136Z"}}]}}