Fortinet FortiOS Security Fabric Incorrect Privilege Assignment Vulnerability Allowing Privilege Escalation

Vulnerability

An incorrect privilege assignment vulnerability has been identified in the Security Fabric component of Fortinet FortiOS. It affects FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, and all releases of FortiOS 7.2, 7.0, and 6.4. A remote, authenticated attacker who already holds a high-privilege administrator account can escalate to super-admin by registering the device with a FortiManager under the attacker's control (a malicious FortiManager). Because elevated authentication is a precondition, the issue matters most where administrator accounts are shared, weakly protected, or held by operators who are not meant to have full control of the device.

Impact

Successful exploitation grants the attacker super-admin rights, which amounts to full administrative control of the affected device and of everything that its existing privilege boundaries were meant to protect.

Remediation

Upgrade to FortiOS 7.6.3 or later on the 7.6 train and to 7.4.8 or later on the 7.4 train. The advisory lists no fixed build for FortiOS 7.2, 7.0, or 6.4; devices on those trains should be migrated to a fixed release. Fortinet provides an upgrade tool to assist with planning the upgrade path. Until a device is upgraded, reduce exposure by limiting who holds high-privilege administrator accounts and by checking that its central-management configuration points only at a FortiManager you operate.
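The following triage script is an added example and not Fortinet's code. It does two things a practitioner would want before and after the upgrade: it classifies a FortiOS version against the affected and fixed ranges stated in this advisory, and it audits a FortiOS configuration backup for a FortiManager registration that is not on an allow list, listing the administrator accounts that hold the super_admin profile. The configuration syntax it parses (the `#config-version` header, `config system central-management` with `set type fortimanager` and `set fmg`, and `config system admin` with `set accprofile`) follows FortiOS CLI conventions but is an assumption of this example; the sample configuration is constructed, and the address allow list is hypothetical.

```python
"""Triage helper for the FortiOS Security Fabric privilege-assignment issue.

Added example, not Fortinet's code. Version ranges come from the advisory;
the configuration layout parsed below is assumed to follow the FortiOS CLI
backup format (verify against your own backups before relying on it).
"""
import re

# (major, minor) -> (first affected build, first fixed build).
# A fixed build of None means the advisory lists no fix in that train and
# says to migrate to a fixed release instead.
AFFECTED = {
    (7, 6): ((7, 6, 0), (7, 6, 3)),
    (7, 4): ((7, 4, 0), (7, 4, 8)),
    (7, 2): ((7, 2, 0), None),
    (7, 0): ((7, 0, 0), None),
    (6, 4): ((6, 4, 0), None),
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '7.4.5' (optionally prefixed with 'v') into a comparable tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version in {text!r}")
    return tuple(int(x) for x in m.groups())


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for a FortiOS version string."""
    v = parse_version(version)
    entry = AFFECTED.get(v[:2])
    if entry is None:
        return "not-listed"
    first, fixed = entry
    if v < first:
        return "not-listed"
    if fixed is not None and v >= fixed:
        return "fixed"
    return "affected"


def version_from_config(config_text):
    """Read the running version from the '#config-version=' header line."""
    m = re.search(r"^#config-version=[^\s-]+-(\d+\.\d+\.\d+)-", config_text, re.M)
    return m.group(1) if m else None


def config_block(config_text, name):
    """Return the body of a top-level 'config <name> ... end' block, or ''."""
    m = re.search(rf"^config {re.escape(name)}\n(.*?)^end\b", config_text, re.S | re.M)
    return m.group(1) if m else ""


def fortimanager_targets(config_text):
    """FortiManager addresses the device is configured to register with."""
    body = config_block(config_text, "system central-management")
    if not re.search(r"^\s*set type fortimanager\s*$", body, re.M):
        return []
    return re.findall(r'^\s*set fmg "?([^"\n]+?)"?\s*$', body, re.M)


def super_admins(config_text):
    """Names of local administrator accounts holding the super_admin profile."""
    body = config_block(config_text, "system admin")
    names = []
    for m in re.finditer(r'^\s*edit "([^"]+)"\n(.*?)^\s*next\s*$', body, re.S | re.M):
        if re.search(r'^\s*set accprofile "super_admin"\s*$', m.group(2), re.M):
            names.append(m.group(1))
    return names


def audit(config_text, allowed_fmg):
    """Combine version status, unapproved FortiManager targets and super admins."""
    version = version_from_config(config_text)
    return {
        "version": version,
        "status": classify(version) if version else "unknown",
        "unapproved_fmg": [f for f in fortimanager_targets(config_text) if f not in allowed_fmg],
        "super_admins": super_admins(config_text),
    }


# Constructed sample backup: an affected 7.4 build registered with a
# FortiManager at a documentation address that is not on the allow list.
SAMPLE_CONFIG = """\
#config-version=FGT60F-7.4.5-FW-build2573-240910:opmode=0:vdom=0:user=admin
config system central-management
    set type fortimanager
    set fmg "203.0.113.10"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set accprofile "prof_admin"
    next
end
"""

if __name__ == "__main__":
    # Hypothetical allow list: the one FortiManager this organisation operates.
    print(audit(SAMPLE_CONFIG, allowed_fmg={"198.51.100.5"}))
```

Run it against a real backup by reading the file into `audit()` with your own FortiManager addresses in `allowed_fmg`; a non-empty `unapproved_fmg` on an `affected` build is the combination this advisory describes, and `super_admins` shows which accounts already sit at the privilege level the attacker is trying to reach.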

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          6.8
  impact          5.0
  exploitability  4.4
  remediation     7.7
  relevance       0.3
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight category scores, which are then combined into the overall risk score.