FortiOS Security Fabric Vulnerability Let Attackers Escalate Privileges to Super-admin


Feb 12, 2025 - 09:25

Fortinet has addressed a critical security flaw in its FortiOS Security Fabric that could allow authenticated administrators to elevate privileges to the super-admin level by connecting vulnerable devices to malicious upstream FortiGate systems.

Tracked as an “incorrect privilege assignment” vulnerability, the issue enables attackers with Security Fabric permissions to gain unrestricted control over affected networks.

The vulnerability resides in improper access controls in the Security Fabric’s trust hierarchy. Threat actors can bypass intended restrictions and escalate their privileges by linking a compromised FortiGate to a malicious upstream device controlled by an attacker.

This grants full administrative rights, including modifying configurations, deploying malware, or exfiltrating sensitive data.

Affected Versions

  • FortiOS 7.6.0
  • FortiOS 7.4.0–7.4.4
  • FortiOS 7.2.0–7.2.9
  • FortiOS 7.0.0–7.0.15
  • FortiOS 6.4 (all versions; requires migration)

FortiOS 6.4 users must migrate to newer releases, as no patches are available for this legacy branch.

Mitigation and Updates

Fortinet urges administrators to apply fixes immediately:

  • Upgrade to FortiOS 7.6.1, 7.4.5, 7.2.10, or 7.0.16 for supported versions.
  • For FortiOS 6.4, migrate to a fixed release using the Fortinet Upgrade Tool.

The company confirmed Justin Lum of its R&D team internally discovered the vulnerability. No workarounds are available, making patching the sole remedy.
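Because no workaround exists, the practical first step for a defender is to establish which FortiGates in the estate sit inside the affected ranges listed above and which fixed release each one needs. The script below is an added example written for this page, not Fortinet tooling: it encodes the advisory's affected ranges, extracts the version from a constructed `get system status` dump (the `vX.Y.Z` token format is an assumption about that output), and reports whether a unit is affected and what the recommended action is. It generalises the list slightly by treating the whole 6.4 branch as "migrate" and any unlisted branch as "not covered by this advisory".

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as published in the advisory summarised above:
# (branch, first affected, last affected, fixed release or None when only migration is offered)
AFFECTED = [
    ((7, 6), (7, 6, 0), (7, 6, 0), (7, 6, 1)),
    ((7, 4), (7, 4, 0), (7, 4, 4), (7, 4, 5)),
    ((7, 2), (7, 2, 0), (7, 2, 9), (7, 2, 10)),
    ((7, 0), (7, 0, 0), (7, 0, 15), (7, 0, 16)),
    ((6, 4), (6, 4, 0), (6, 4, 999), None),  # entire 6.4 branch; no patch, migrate
]

# Assumption: the version appears as a 'vMAJOR.MINOR.PATCH' token in the status output.
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample of a 'get system status' line; not captured from a real device.
SAMPLE_STATUS = "Version: FortiGate-100F v7.4.3,build2573,240201 (GA.F)"


def parse_version(status_text: str) -> Optional[Version]:
    """Pull the FortiOS version out of a status dump or a bare 'v7.4.3' string."""
    m = VERSION_RE.search(status_text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: Version) -> Tuple[bool, str]:
    """Return (affected, recommended action) for a parsed FortiOS version."""
    branch = version[:2]
    for b, lo, hi, fixed in AFFECTED:
        if branch != b:
            continue
        if lo <= version <= hi:
            if fixed is None:
                return True, "migrate off 6.4 (no patch available)"
            return True, "upgrade to %d.%d.%d" % fixed
        return False, "already at or above the fixed release"
    return False, "branch not listed in this advisory; check Fortinet's advisory directly"


def assess_status(status_text: str) -> Tuple[bool, str]:
    """Convenience wrapper: parse a status dump, then assess it."""
    version = parse_version(status_text)
    if version is None:
        return False, "could not find a version string"
    return assess(version)


if __name__ == "__main__":
    affected, action = assess_status(SAMPLE_STATUS)
    print("affected:", affected, "->", action)
```

Run it against the output of `get system status` collected from each unit; anything reported as affected should be scheduled for the listed fixed release, and 6.4 units for migration, since the advisory offers no configuration-level workaround.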

This flaw highlights risks in interconnected security architectures. The Security Fabric’s centralized management, while streamlining operations, becomes a liability if trust relationships are exploited. Similar issues have plagued FortiOS in the past, including authentication bypasses (CVE-2024-55591).

Fortinet’s advisory underscores the urgency: “Customers must upgrade to prevent exploitation.” With super-admin access, attackers could dismantle network defenses, making prompt action critical.


The post FortiOS Security Fabric Vulnerability Let Attackers Escalate Privileges to Super-admin appeared first on Cyber Security News.