Fortinet FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb Improper Restriction of Communication Channel Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

An improper restriction of communication channel to intended endpoints vulnerability has been identified in multiple Fortinet products: FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb. It affects several version ranges of these products and allows an unauthenticated attacker in a man-in-the-middle position to intercept the FGFM authentication request between the management device and the managed device, and thereby impersonate the management device, such as a FortiCloud server or FortiManager.

Impact

Exploitation of this vulnerability enables man-in-the-middle attacks in which an attacker intercepts and manipulates communications between the management device and the managed device, potentially leading to unauthorized access or control.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined into the overall risk score.