Fortinet FortiOS Privilege Escalation Vulnerability in Security Fabric Access Profiles

Vulnerability

An incorrect privilege assignment vulnerability has been identified in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, and versions prior to 7.0.15. It allows an authenticated admin with Security Fabric permissions to escalate privileges to super-admin. The escalation is achieved by connecting the targeted FortiGate device to a malicious upstream FortiGate controlled by the admin.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, granting an admin super-admin rights.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 4.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.