CVE-2024-26009 – Fortinet FortiOS Authentication Bypass via FGFM Requests

August 12, 2025

CVE ID : CVE-2024-26009

Published : Aug. 12, 2025, 7:15 p.m. | 6 hours, 25 minutes ago

Description : An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-25256 – Fortinet FortiSIEM OS Command Injection

Next Article CVE-2025-53784 – Microsoft Office Word Use After Free Remote Code Execution Vulnerability

Highlights

CVE-2025-40775 – BIND DNS Invalid TSIG Algorithm Field Vulnerability

May 21, 2025

CVE ID : CVE-2025-40775

Published : May 21, 2025, 1:16 p.m. | 1 hour, 34 minutes ago

Description : When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

I found the easiest way to send files between my Android phone and desktop – and it’s free

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2024-26009 – Fortinet FortiOS Authentication Bypass via FGFM Requests

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

xdémineur is a minesweeper game

CVE-2025-47896 – VMware Remote Code Execution

SystemdGenie is a systemd management utility

SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells

CVE-2025-40775 – BIND DNS Invalid TSIG Algorithm Field Vulnerability

CVE-2025-5438 – Linksys WPS Command Injection Vulnerability

CVE-2024-48905 – Sematell ReplyOne Authentication Bypass

How the Senate’s ban on state AI regulation imperils internet access

CVE-2024-26009 – Fortinet FortiOS Authentication Bypass via FGFM Requests

Related Posts