CVE-2026-24858 (CVSS base score 9.8)
- EPSS 3.95%
- Published 27.01.2026 19:18:23
- Last modified 12.05.2026 18:47:28
- Source psirt@fortinet.com
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Data provided by the National Vulnerability Database (NVD)
- Fortinet ≫ Fortianalyzer Version >= 7.0.0 <= 7.0.15
- Fortinet ≫ Fortianalyzer Version >= 7.2.0 <= 7.2.11
- Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.10
- Fortinet ≫ Fortianalyzer Version >= 7.6.0 < 7.6.6
- Fortinet ≫ Fortimanager Version >= 7.0.0 <= 7.0.15
- Fortinet ≫ Fortimanager Version >= 7.2.0 <= 7.2.11
- Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.10
- Fortinet ≫ Fortimanager Version >= 7.6.0 < 7.6.6
- Fortinet ≫ FortiProxy Version >= 7.0.0 <= 7.0.22
- Fortinet ≫ FortiProxy Version >= 7.2.0 <= 7.2.15
- Fortinet ≫ FortiProxy Version >= 7.4.0 <= 7.4.12
- Fortinet ≫ FortiProxy Version >= 7.6.0 <= 7.6.4
- Siemens ≫ Ruggedcom Ape1808 Firmware Version -
VulnDex Vulnerability Enrichment
27.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
- Description: Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.95% | 0.885 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.