CNNVD-202601-4452 Information
CNNVD ID
CNNVD-202601-4452
Related CVE
-
CNNVD Published
2026-01-27
Description
Fortinet FortiOS and the other products named here are made by Fortinet, a US company. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Multiple Fortinet products contain a security vulnerability that stems from an authentication bypass using an alternate path or channel, which may allow an attacker to log in to devices registered to other accounts. The following products and versions are affected: FortiAnalyzer 7.6.0 through 7.6.5, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11 and 7.0.0 through 7.0.15; FortiManager 7.6.0 through 7.6.5, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11 and 7.0.0 through 7.0.15; FortiOS 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.12 and 7.0.0 through 7.0.18.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Fortinet
Published
2026-01-27
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-060
https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858
https://access.redhat.com/security/cve/cve-2026-24858
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-26-060