Privilege Escalation Vulnerability in Fortinet FortiOS
CVE-2024-40591
8 HIGH
Summary
An incorrect privilege assignment vulnerability in Fortinet FortiOS could allow an authenticated admin with the Security Fabric permission to escalate their privileges to super-admin. This can occur when the compromised FortiGate device connects to a malicious upstream FortiGate controlled by an attacker, creating a significant security risk for organizations reliant on Fortinet's infrastructure.
Affected Version(s)
FortiOS 7.6.0
FortiOS 7.4.0 through 7.4.4
FortiOS 7.2.0 through 7.2.9
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved