
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
CVE-2025-53847 is a Missing Authentication for Critical Function vulnerability (CWE-306) in the CAPWAP daemon of Fortinet FortiOS and FortiSwitchManager. It allows a local unauthenticated attacker on the same IP subnet to write device configuration via specially crafted requests, but only under a specific non-default configuration. Affected versions include FortiOS 6.2.9–6.2.17, 6.4 (all versions), 7.0.0–7.0.17, 7.2.0–7.2.11, 7.4.0–7.4.8, and 7.6.0–7.6.3. The vulnerability was internally discovered and initially published on April 14, 2026. Fortinet rates it at CVSS v3.1 score 6.2 (Medium), while NVD assigns a score of 8.8 (High) (FortiGuard Advisory).
The root cause is CWE-306 (Missing Authentication for Critical Function) in the CAPWAP (Control and Provisioning of Wireless Access Points) daemon within FortiOS and FortiSwitchManager. An attacker on the same local IP subnet can send specially crafted CAPWAP requests to the daemon without authenticating, enabling unauthorized writes to device configuration. Exploitation requires the target FortiGate to run a non-default configuration — specifically, if auto-auth-extension-device is enabled in config system interface, any device can be authorized and the vulnerability exploited without administrator authorization; if inter-controller-peer is set, the inter-controller-key should be changed even on patched versions. The attack vector is adjacent network (AV:A), requires no privileges or user interaction, and has low attack complexity (FortiGuard Advisory).
Successful exploitation allows an adjacent-network attacker to execute unauthorized code or commands and write arbitrary device configurations to the affected FortiOS system. This results in high impact to confidentiality, integrity, and availability of the device, potentially enabling full system compromise, policy manipulation, or disruption of network security controls managed by the FortiGate. Lateral movement within the network is a realistic consequence given the central role FortiOS devices play in network security infrastructure (FortiGuard Advisory, CIS Advisory).
auto-auth-extension-device enabled in config system interface, or has inter-controller-peer configured in config wireless-controller inter-controller, as exploitation requires one of these non-default settings.config system interface (e.g., auto-auth-extension-device enabled), config wireless-controller inter-controller (new inter-controller-peer entries), or newly authorized FortiAP devices not recognized by administrators.Fortinet has released patched versions: FortiOS 7.6.4, 7.4.9, 7.2.12, and 7.0.18. FortiOS 6.4 (all versions) and 6.2.9–6.2.17 users should migrate to a supported fixed release using Fortinet's upgrade path tool. As immediate workarounds: disable security fabric access on interfaces, allow only legitimate devices in Wifi Controller > Managed FortiAPs, and remove inter-controller-peer elements from config wireless-controller inter-controller. If inter-controller-peer is configured, change the inter-controller-key even after upgrading to a fixed version. Ensure auto-auth-extension-device remains disabled (it is off by default) (FortiGuard Advisory).
The vulnerability was covered as part of a broader Fortinet patch release addressing 11 vulnerabilities across FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager, receiving coverage from cybersecurity news outlets including CyberSecurityNews and CyberPress (CyberSecurityNews). The Center for Internet Security (CIS) issued an advisory noting that multiple Fortinet vulnerabilities in this batch could allow for arbitrary code execution (CIS Advisory). No notable individual researcher commentary or significant social media discussion specific to CVE-2025-53847 has been observed beyond standard vulnerability reporting.
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"