SB2025040909 - MitM attack in FortiManager
Published: April 9, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2024-26013)
CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate name verification for FGFM connection. A remote non-authenticated attacker can intercept the FGFM authentication request between the management device and the managed device and impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager).
Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.
2) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2024-50565)
CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate name verification for FGFM connection. A remote non-authenticated attacker can intercept the FGFM authentication request between the management device and the managed device and impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager).
Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.
Remediation
Install update from vendor's website.