Vulnerability Monitor

CVE-2024-40591


An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.


Published

2025-02-11T17:15:22.810

Last Modified

2025-07-17T20:12:01.387

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-266

Affected Vendors & Products
Type              Vendor    Product  Version/Range  Vulnerable?
Operating System  fortinet  fortios  < 6.4.16       Yes
Operating System  fortinet  fortios  < 7.0.16       Yes
Operating System  fortinet  fortios  < 7.2.10       Yes
Operating System  fortinet  fortios  < 7.4.5        Yes
Operating System  fortinet  fortios  7.6.0          Yes