What is the severity of FG-IR-24-032?

The severity of FG-IR-24-032 is classified as improper authentication vulnerability.

How do I fix FG-IR-24-032?

To fix FG-IR-24-032, update FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy, or FortiSwitchManager to the respective remedial versions listed in the advisory.

What products are affected by FG-IR-24-032?

The affected products by FG-IR-24-032 include FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy, and FortiSwitchManager.

Is FG-IR-24-032 an authentication vulnerability?

Yes, FG-IR-24-032 is an improper authentication vulnerability that allows unauthenticated attackers to inject packets.

Which versions of FortiManager are vulnerable according to FG-IR-24-032?

Versions of FortiManager between 7.4.0 and 7.4.2, 7.2.0 and 7.2.4, 7.0.0 and 7.0.11, and 6.4.0 and 6.4.14 are vulnerable to FG-IR-24-032.

Vulnerability/
FG-IR-24-032

medium

5.2

12/11/2024

15/11/2024

FG-IR-24-032: FortiOS - Improper authentication in fgfmd

First published: Tue Nov 12 2024(Updated: )

An improper authentication vulnerability [CWE-287] in FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy and FortiSwitchManager fgfmd daemon may allow an unauthenticated attacker to inject (but not receive) packets in tunnels established between a FortiManager and the targeted device.

Affected Software	Affected Version	How to fix
Fortinet FortiManager	>=7.4.0<=7.4.2
Fortinet FortiManager	>=7.2.0<=7.2.4
Fortinet FortiManager	>=7.0.0<=7.0.11
Fortinet FortiManager	>=6.4.0<=6.4.14
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.3
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.7
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.14
Fortinet FortiOS IPS Engine	>=6.4
Fortinet FortiOS IPS Engine	>=6.2
Fortinet FortiOS IPS Engine	>=6.0
FortiGuard FortiPAM	>=1.2
FortiGuard FortiPAM	>=1.1
FortiGuard FortiPAM	>=1.0
Fortinet FortiPortal	>=6.0.0<=6.0.14
Fortinet FortiPortal	>=5.3
Fortinet FortiProxy	>=7.4.0<=7.4.3
Fortinet FortiProxy	>=7.2.0<=7.2.9
Fortinet FortiProxy	>=7.0.0<=7.0.16
Fortinet FortiProxy	>=2.0
Fortinet FortiProxy	>=1.2
Fortinet FortiProxy	>=1.1
Fortinet FortiProxy	>=1.0
Fortinet FortiSwitchManager	>=7.2.0<=7.2.3
Fortinet FortiSwitchManager	>=7.0.0<=7.0.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-24-032?
The severity of FG-IR-24-032 is classified as improper authentication vulnerability.
How do I fix FG-IR-24-032?
To fix FG-IR-24-032, update FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy, or FortiSwitchManager to the respective remedial versions listed in the advisory.
What products are affected by FG-IR-24-032?
The affected products by FG-IR-24-032 include FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy, and FortiSwitchManager.
Is FG-IR-24-032 an authentication vulnerability?
Yes, FG-IR-24-032 is an improper authentication vulnerability that allows unauthenticated attackers to inject packets.
Which versions of FortiManager are vulnerable according to FG-IR-24-032?
Versions of FortiManager between 7.4.0 and 7.4.2, 7.2.0 and 7.2.4, 7.0.0 and 7.0.11, and 6.4.0 and 6.4.14 are vulnerable to FG-IR-24-032.

agent/last-modified-date
agent/type
agent/first-publish-date
agent/severity
agent/title
agent/references
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-26011
agent/event
agent/softwarecombine
agent/source
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortimanager
version/fortinet fortimanager/7.4.0
version/fortinet fortimanager/7.4.2
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.4
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.11
version/fortinet fortimanager/6.4.0
version/fortinet fortimanager/6.4.14
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.3
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.2.7
version/fortinet fortios ips engine/7.0.0
version/fortinet fortios ips engine/7.0.14
version/fortinet fortios ips engine/6.4
version/fortinet fortios ips engine/6.2
version/fortinet fortios ips engine/6.0
canonical/fortiguard fortipam
version/fortiguard fortipam/1.2
version/fortiguard fortipam/1.1
version/fortiguard fortipam/1.0
canonical/fortinet fortiportal
version/fortinet fortiportal/6.0.0
version/fortinet fortiportal/6.0.14
version/fortinet fortiportal/5.3
canonical/fortinet fortiproxy
version/fortinet fortiproxy/7.4.0
version/fortinet fortiproxy/7.4.3
version/fortinet fortiproxy/7.2.0
version/fortinet fortiproxy/7.2.9
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.16
version/fortinet fortiproxy/2.0
version/fortinet fortiproxy/1.2
version/fortinet fortiproxy/1.1
version/fortinet fortiproxy/1.0
canonical/fortinet fortiswitchmanager
version/fortinet fortiswitchmanager/7.2.0
version/fortinet fortiswitchmanager/7.2.3
version/fortinet fortiswitchmanager/7.0.0
version/fortinet fortiswitchmanager/7.0.3