Fortinet FortiOS, FortiProxy, and FortiWeb Improper Privilege Management Vulnerability Granting Super-Admin Rights

Vulnerability

An improper privilege management vulnerability has been identified in Fortinet FortiOS versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and prior to 6.4.15. Also affected are Fortinet FortiProxy versions 7.6.0 through 7.6.1, Fortinet FortiWeb versions 7.6.0 through 7.6.1, and FortiWeb versions prior to 7.4.6. The vulnerability allows an authenticated attacker holding at least read-only admin permissions to escalate to super-admin by sending crafted requests to the Node.js websocket module.
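
The affected version ranges above are the first thing a defender needs to act on. The following is an added example (not part of this advisory or of Fortinet's tooling) that encodes those ranges and checks a constructed asset inventory against them; the inventory hosts and the reading of "prior to 6.4.15" as every FortiOS release below 6.4.15 are assumptions.

```python
"""Check Fortinet product versions against the ranges listed in the advisory."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
# (low, high): low=None means "prior to high" (exclusive upper bound);
# otherwise the range is inclusive at both ends, as the advisory phrases it.
Range = Tuple[Optional[str], str]

# Affected ranges exactly as stated in the advisory text above.
AFFECTED: Dict[str, List[Range]] = {
    "FortiOS": [("7.6.0", "7.6.1"), ("7.4.0", "7.4.6"), ("7.2.0", "7.2.10"),
                ("7.0.0", "7.0.16"), (None, "6.4.15")],
    "FortiProxy": [("7.6.0", "7.6.1")],
    "FortiWeb": [("7.6.0", "7.6.1"), (None, "7.4.6")],
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a tuple that compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the given product/version falls inside an affected range."""
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    for low, high in AFFECTED[product]:
        if low is None:
            if v < parse_version(high):          # "prior to" = strictly below
                return True
        elif parse_version(low) <= v <= parse_version(high):
            return True
    return False


def affected_hosts(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames from (host, product, version) tuples that need patching."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.6"),     # inside 7.4.0-7.4.6
    ("fw-edge-02", "FortiOS", "7.4.7"),     # first release past the range
    ("proxy-01", "FortiProxy", "7.6.1"),
    ("waf-01", "FortiWeb", "7.4.5"),        # prior to 7.4.6
    ("waf-02", "FortiWeb", "7.4.6"),        # not affected
]

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))  # ['fw-edge-01', 'proxy-01', 'waf-01']
```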

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling an attacker to gain super-admin rights.

Added: Jun 10, 2025, 6:34 PM
Updated: Jun 10, 2025, 6:34 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 4.9
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.