CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-40591

Critical Severity
SVRS
71/100
CVSSv3
8.0/10
EPSS
0.00054/1

CVE-2024-40591 is a critical privilege escalation vulnerability affecting Fortinet FortiOS. This vulnerability allows an authenticated administrator with specific Security Fabric permissions to gain super-admin privileges. The CVE, impacting versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15, arises due to incorrect privilege assignments. An attacker could exploit this by connecting a FortiGate to a malicious, attacker-controlled upstream FortiGate. While the CVSS score is 8, the SOCRadar Vulnerability Risk Score (SVRS) is 71, suggesting a significant risk, especially since it is tagged as "In The Wild," requiring careful review of potentially impacted devices. This privilege escalation could lead to complete system compromise, data breaches, and significant disruption of services, making it a high-priority security concern.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
E:P
RL:X
RC:R
PUBLICATION DATE2025-02-11
LAST MODIFIED2025-02-14
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-40591 describes an incorrect privilege assignment vulnerability in Fortinet FortiOS. Specifically, an authenticated administrator with Security Fabric permissions can escalate their privileges to super-admin. This is achieved by connecting the vulnerable FortiGate device to a malicious upstream FortiGate controlled by the attacker. This vulnerability affects FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, and before 7.0.15. Although the CVSS score is 8.8 (High), the SVRS score is 0, indicating that, based on the vulnerability intelligence gathered by SOCRadar from sources like social media, news, code repositories, the dark/deep web, and associations with threat actors, the real-world risk and urgency are currently low.

Key Insights

  1. Privilege Escalation: The core issue is a privilege escalation vulnerability. An attacker with limited admin access (Security Fabric permissions) can gain complete control (super-admin) over the FortiGate device.

  2. Malicious Upstream FortiGate Requirement: The exploitation of this vulnerability requires the attacker to control a malicious upstream FortiGate. This adds a layer of complexity to the attack, but it's still a significant risk if the attacker can position such a device within the network.

  3. Affected Versions: Multiple FortiOS versions are affected, increasing the potential attack surface. Organizations need to identify and patch vulnerable FortiGate devices across their infrastructure.

  4. Low SVRS Score: The low SVRS score suggests that there is currently no active exploit. This can change quickly, underscoring the need to still remain vigilant.

Mitigation Strategies

  1. Upgrade FortiOS: The primary mitigation is to upgrade FortiOS to a version that is not affected by CVE-2024-40591. Ensure proper testing is conducted in a lab environment before applying updates to production systems. Fortinet will release a patch so keeping an eye on security advisories is crucial.

  2. Network Segmentation: Implement network segmentation to limit the blast radius of a compromised FortiGate device. This can prevent lateral movement and reduce the impact of a successful privilege escalation. This would reduce the attacker's ability to set up the "malicious upstream FortiGate" that the attack requires.

  3. Monitor Security Fabric Connections: Closely monitor Security Fabric connections for any unusual activity. This can help detect and respond to an attacker attempting to exploit this vulnerability.

  4. Review Administrator Access: Regularly review administrator access profiles and permissions to ensure that users only have the necessary privileges. Follow the principle of least privilege.

Additional Information

Although the SVRS score is currently low, it is critical to continually monitor for changes in exploit activity, threat actor interest, and new information related to CVE-2024-40591. If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-40591 | Fortinet FortiOS up to 6.4.15/7.0.15/7.2.9/7.4.4/7.6.0 privileges assignment (FG-IR-24-302 / Nessus ID 216115)
vuldb.com2025-02-12
CVE-2024-40591 | Fortinet FortiOS up to 6.4.15/7.0.15/7.2.9/7.4.4/7.6.0 privileges assignment (FG-IR-24-302 / Nessus ID 216115) | A vulnerability classified as critical has been found in Fortinet FortiOS up to 6.4.15/7.0.15/7.2.9/7.4.4/7.6.0. Affected is an unknown function. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2024-40591. It is possible to launch the attack remotely. There is no exploit available. It is recommended to
vuldb.com
rss
forum
news

Social Media

Vulnerabilidad crítica en FortiOS Security Fabric (CVE-2024-40591) https://t.co/0HB9PDoyhs #Internet #Noticia #ciberSeguridad #Tecnología vía @elhackernet https://t.co/aOJwVUoXBE
0
0
0
🚨 A critical #FortiOS vulnerability (CVE-2024-40591) allows privilege escalation to super-admin level! Affected versions: 7.6.0, 7.4.x, 7.2.x, 7.0.x, and all 6.4. Update ASAP! Read: https://t.co/kBQze6DUGJ #CyberSecurity #Fortinet #InfoSec #Vulnerability
0
0
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
HTTPS://FORTIGUARD.FORTINET.COM/PSIRT/FG-IR-24-302https://fortiguard.fortinet.com/psirt/FG-IR-24-302
[email protected]https://fortiguard.fortinet.com/psirt/FG-IR-24-302

CWE Details

CWE IDCWE NameDescription
CWE-266Incorrect Privilege AssignmentA product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence