Fortinet FortiPAM and FortiSRA Improper Access Control Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Fortinet FortiPAM versions 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, and FortiSRA versions 1.4.0 through 1.4.1. The issue arises from improper handling of permissions, allowing attackers to bypass access controls by sending specially crafted HTTP requests.

Impact

Exploiting this vulnerability lets an attacker bypass access controls, which could lead to unauthorized access or privilege escalation.

Added: Jun 10, 2025, 6:34 PM
Updated: Jun 10, 2025, 6:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.