What is the severity of FG-IR-24-046?

The severity of FG-IR-24-046 is considered high due to improper restrictions allowing possible man-in-the-middle attacks.

How do I fix FG-IR-24-046?

To fix FG-IR-24-046, upgrade affected Fortinet products to the recommended versions specified by Fortinet.

What products are affected by FG-IR-24-046?

FG-IR-24-046 affects various versions of FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy, and FortiVoice.

Who can exploit FG-IR-24-046?

An unauthenticated attacker positioned in a man-in-the-middle role can exploit FG-IR-24-046.

What is the nature of the vulnerability FG-IR-24-046?

FG-IR-24-046 is characterized as an improper restriction of communication channels to intended endpoints.

Vulnerability/
FG-IR-24-046

high

7.1

8/4/2025

11/4/2025

FG-IR-24-046: No certificate name verification for fgfm connection

First published: Tue Apr 08 2025(Updated: )

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=7.4.0<=7.4.2
Fortinet FortiAnalyzer	>=7.2.0<=7.2.4
Fortinet FortiAnalyzer	>=7.0.0<=7.0.11
Fortinet FortiAnalyzer	>=6.4.0<=6.4.14
Fortinet FortiAnalyzer	>=6.2.0<=6.2.13
Fortinet FortiManager	>=7.4.0<=7.4.2
Fortinet FortiManager	>=7.2.0<=7.2.4
Fortinet FortiManager	>=7.0.0<=7.0.11
Fortinet FortiManager	>=6.4.0<=6.4.14
Fortinet FortiManager	>=6.2.0<=6.2.13
FortiOS	>=7.4.0<=7.4.4
FortiOS	>=7.2.0<=7.2.8
FortiOS	>=7.0.0<=7.0.15
FortiOS	>=6.4
FortiOS	>=6.2.0<=6.2.16
Fortinet FortiProxy SSL VPN webmode	>=7.4.0<=7.4.2
Fortinet FortiProxy SSL VPN webmode	>=7.2.0<=7.2.9
Fortinet FortiProxy SSL VPN webmode	>=7.0.0<=7.0.15
Fortinet FortiProxy SSL VPN webmode	>=2.0
Fortinet FortiVoice Enterprise	>=7.0.0<=7.0.2
Fortinet FortiVoice Enterprise	>=6.4.0<=6.4.8
Fortinet FortiVoice Enterprise	>=6.0
Fortinet FortiWeb	>=7.4.0<=7.4.2
Fortinet FortiWeb	>=7.2
Fortinet FortiWeb	>=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-24-046?
The severity of FG-IR-24-046 is considered high due to improper restrictions allowing possible man-in-the-middle attacks.
How do I fix FG-IR-24-046?
To fix FG-IR-24-046, upgrade affected Fortinet products to the recommended versions specified by Fortinet.
What products are affected by FG-IR-24-046?
FG-IR-24-046 affects various versions of FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy, and FortiVoice.
Who can exploit FG-IR-24-046?
An unauthenticated attacker positioned in a man-in-the-middle role can exploit FG-IR-24-046.
What is the nature of the vulnerability FG-IR-24-046?
FG-IR-24-046 is characterized as an improper restriction of communication channels to intended endpoints.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-26013
agent/last-modified-date
agent/source
agent/type
agent/first-publish-date
agent/title
agent/severity
agent/references
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/fortiguard-psirt
alias/CVE-2024-50565
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/7.4.0
version/fortinet fortianalyzer/7.4.2
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.4
version/fortinet fortianalyzer/7.0.0
version/fortinet fortianalyzer/7.0.11
version/fortinet fortianalyzer/6.4.0
version/fortinet fortianalyzer/6.4.14
version/fortinet fortianalyzer/6.2.0
version/fortinet fortianalyzer/6.2.13
canonical/fortinet fortimanager
version/fortinet fortimanager/7.4.0
version/fortinet fortimanager/7.4.2
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.4
version/fortinet fortimanager/7.0.0
version/fortinet fortimanager/7.0.11
version/fortinet fortimanager/6.4.0
version/fortinet fortimanager/6.4.14
version/fortinet fortimanager/6.2.0
version/fortinet fortimanager/6.2.13
canonical/fortios
version/fortios/7.4.0
version/fortios/7.4.4
version/fortios/7.2.0
version/fortios/7.2.8
version/fortios/7.0.0
version/fortios/7.0.15
version/fortios/6.4
version/fortios/6.2.0
version/fortios/6.2.16
canonical/fortinet fortiproxy ssl vpn webmode
version/fortinet fortiproxy ssl vpn webmode/7.4.0
version/fortinet fortiproxy ssl vpn webmode/7.4.2
version/fortinet fortiproxy ssl vpn webmode/7.2.0
version/fortinet fortiproxy ssl vpn webmode/7.2.9
version/fortinet fortiproxy ssl vpn webmode/7.0.0
version/fortinet fortiproxy ssl vpn webmode/7.0.15
version/fortinet fortiproxy ssl vpn webmode/2.0
canonical/fortinet fortivoice enterprise
version/fortinet fortivoice enterprise/7.0.0
version/fortinet fortivoice enterprise/7.0.2
version/fortinet fortivoice enterprise/6.4.0
version/fortinet fortivoice enterprise/6.4.8
version/fortinet fortivoice enterprise/6.0
canonical/fortinet fortiweb
version/fortinet fortiweb/7.4.0
version/fortinet fortiweb/7.4.2
version/fortinet fortiweb/7.2
version/fortinet fortiweb/7.0