An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control. The CVSS score for this vulnerability is 8.8, categorizing it as high severity.
The risk to organizations includes unauthorized access to critical system functions and potential data loss. An attacker holding an admin account whose access profile carries the Security Fabric permission could use this flaw to obtain super-admin privileges, compromising the integrity and availability of the affected FortiGate. Organizations should prioritize patching immediately to mitigate this risk.
Currently, there are no known exploits or public proof of concepts available for this CVE. However, the high exploitability rating indicates that the potential for exploitation is significant, which underscores the urgency for defenders to act.
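As an added example, not part of this advisory summary or of any Fortinet tooling, the following Python script checks an inventory of FortiOS version strings against the affected ranges stated above, so a defender can see at a glance which devices still need the patch. The hostnames and version strings in the inventory are constructed, and the reading of "before 7.0.15" as the 7.0 branch from 7.0.0 through 7.0.14 is an assumption; versions in branches the summary does not mention (for example 6.4) are reported as unknown rather than guessed.

```python
import re

# Affected ranges as stated in the summary, keyed by (major, minor) branch,
# with inclusive (lowest, highest) bounds.
# Assumption: "before 7.0.15" is read as 7.0.0 through 7.0.14; the summary
# does not say whether older branches such as 6.4 are affected.
AFFECTED_RANGES = {
    (7, 6): ((7, 6, 0), (7, 6, 0)),
    (7, 4): ((7, 4, 0), (7, 4, 4)),
    (7, 2): ((7, 2, 0), (7, 2, 9)),
    (7, 0): ((7, 0, 0), (7, 0, 14)),
}

# Constructed sample inventory (hostname -> version string as an operator might
# have recorded it); none of these hosts or builds are from the advisory.
SAMPLE_INVENTORY = {
    "fgt-edge-01": "v7.4.3 build2573",
    "fgt-edge-02": "v7.4.5",
    "fgt-dc-01": "7.0.14",
    "fgt-dc-02": "7.0.15",
    "fgt-lab-01": "7.6.0",
    "fgt-legacy-01": "6.4.15",
    "fgt-branch-01": "7.2.10",
}


def parse_version(text):
    """Extract the first major.minor.patch triple from a free-form version string.

    Accepts forms such as '7.4.3', 'v7.4.3' or 'FortiOS v7.4.3 build2573'.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no major.minor.patch version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """Return True if the version is inside a stated affected range,
    False if it is in a covered branch but outside that range, and
    None if the summary says nothing about that branch.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch not in AFFECTED_RANGES:
        return None
    low, high = AFFECTED_RANGES[branch]
    # Tuple comparison orders (7, 2, 10) after (7, 2, 9), unlike string comparison.
    return low <= version <= high


def triage(inventory):
    """Group hostnames by patch status; hostnames are sorted for stable output."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        if status is None:
            key = "unknown"
        elif status:
            key = "affected"
        else:
            key = "not_affected"
        result[key].append(host)
    return result


if __name__ == "__main__":
    for key, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{key}: {', '.join(hosts) if hosts else '-'}")
```

Devices in the "unknown" bucket should be checked against the vendor advisory rather than assumed safe, since the summary here only lists the 7.0 through 7.6 ranges.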
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
