CVE-2024-40591
CVE-2024-40591 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
- CWE-266: Incorrect Privilege Assignment
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | >= 6.4.0, < 6.4.16 |
| Fortinet | FortiOS | >= 7.0.0, < 7.0.16 |
| Fortinet | FortiOS | >= 7.2.0, < 7.2.10 |
| Fortinet | FortiOS | >= 7.4.0, < 7.4.5 |
| Fortinet | FortiOS | 7.6.0 |
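The ranges in the table above are what an inventory check has to encode, and they are awkward to compare by hand across four branches. The following is an added example, not code from the page, NVD or Fortinet: it parses the version out of a FortiOS `get system status` line and tests it against the table. The range encoding is the table's own (inclusive lower bound, exclusive upper bound); the single entry 7.6.0 is encoded as the range [7.6.0, 7.6.1), which only asserts that 7.6.0 is affected and says nothing about which 7.6 release fixes it, since the page does not state one. Device names, the status output and build numbers are constructed sample data.

```python
"""Triage FortiOS versions against the CVE-2024-40591 affected ranges (added example)."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the Affected Software table: lower bound inclusive,
# upper bound exclusive. The lone 7.6.0 entry is encoded as [7.6.0, 7.6.1)
# purely to mark 7.6.0 itself as affected (assumption: no 7.6 fix version is
# given on the page, so nothing is claimed about 7.6.1 or later).
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 16)),
    ((7, 0, 0), (7, 0, 16)),
    ((7, 2, 0), (7, 2, 10)),
    ((7, 4, 0), (7, 4, 5)),
    ((7, 6, 0), (7, 6, 1)),
]

# Matches the "v7.2.8" style token FortiOS prints in its Version line.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)")


def parse_version(status_line: str) -> Optional[Version]:
    """Extract the first x.y.z version number from a status line, or None."""
    match = VERSION_RE.search(status_line)
    if match is None:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if the version falls inside any affected range (tuple comparison)."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def triage(status_output: str) -> str:
    """Return 'affected', 'not affected' or 'unknown' for one device's status text."""
    version = parse_version(status_output)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


def triage_fleet(status_by_device: Dict[str, str]) -> Dict[str, str]:
    """Run triage over a {device_name: status_output} mapping."""
    return {name: triage(output) for name, output in status_by_device.items()}


# Constructed sample output (not real device captures); build numbers are placeholders.
SAMPLE_STATUS = {
    "fw-edge-01": "Version: FortiGate-100F v7.2.8,build0000,000000 (GA.F)",
    "fw-edge-02": "Version: FortiGate-60F v7.4.5,build0000,000000 (GA.F)",
    "fw-dc-01": "Version: FortiGate-600E v7.6.0,build0000,000000 (GA.F)",
    "fw-lab-01": "Version: FortiGate-VM64 v6.4.15,build0000,000000 (GA.F)",
    "fw-old-01": "Version: FortiGate-60E v6.2.16,build0000,000000 (GA.M)",
    "fw-unknown": "Serial-Number: FGT60FXXXXXXXXXX",
}


def main() -> None:
    for name, verdict in triage_fleet(SAMPLE_STATUS).items():
        print(f"{name}: {verdict}")


if __name__ == "__main__":
    main()
```

Note that `fw-old-01` on 6.2.x comes back as "not affected" only because 6.2 is absent from the table; the page does not say whether 6.2 was assessed, so treat that result as "not listed" rather than as a clean bill of health.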
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-302 (Vendor Advisory)
Frequently Asked Questions
What is CVE-2024-40591?
An incorrect privilege assignment (CWE-266) in Fortinet FortiOS. An authenticated administrator whose access profile carries the Security Fabric permission can become super-admin by joining the targeted FortiGate to a malicious upstream FortiGate under their control. The attack therefore needs an existing admin account with that permission; it is a privilege escalation, not an unauthenticated entry point.
How severe is CVE-2024-40591?
High: CVSS v3.1 base score 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Network-reachable and low complexity, but it requires high privileges (an admin account), which is what keeps the score below the critical range. EPSS estimates a 0.57% probability of exploitation in the next 30 days.
How do I fix CVE-2024-40591?
Upgrade to a release outside the affected ranges listed under Affected Software: 6.4.16, 7.0.16, 7.2.10 or 7.4.5 and later within each branch; 7.6.0 is affected, and this page does not state the fixed 7.6 release, so consult the vendor advisory FG-IR-24-302. Until the upgrade lands, review which admin access profiles grant the Security Fabric permission and remove it from any administrator who does not need it, since that permission is the precondition for the escalation.
Source: NVD / NIST
