VYPR
Unrated severity · NVD Advisory · Published Feb 11, 2025 · Updated Feb 26, 2026

CVE-2024-40591

Description

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.

Affected products

2
  • Fortinet/Fortios · v5 · 2 versions
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* range: 7.6.0
    • (no CPE) range: 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.9, <7.0.15
