FortiOS 7.4.0-7.4.3 SSL request reset (CWE-703)
CVE-2024-26008 Published on October 14, 2025

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

NVD

Vulnerability Analysis

CVE-2024-26008 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.


Products Associated with CVE-2024-26008

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-26008 are published in these products:

Fortinet FortiOS
 
Fortinet Fortipam
 
Fortinet FortiProxy
 
Fortinet Fortiswitchmanager
 

Affected Versions

Fortinet FortiProxy: Fortinet FortiPAM: Fortinet FortiOS: Fortinet FortiSwitchManager:

Exploit Probability

EPSS
0.07%
Percentile
21.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.