CVE-2025-54820
CVE-2026-22627 (Critical - CVSS 8.8) This vulnerability can be exploited by an attacker who has access to the same local network segment as the affected system. Because it does not require authentication and has low attack complexity, exploitation may be straightforward. If successfully exploited, this vulnerability may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet. CVE-2025-54820 (Critical – CVSS 8.1) This vulnerability is remotely exploitable over the network and does not require authentication. Although the attack complexity is high, meaning specific conditions must be met, successful exploitation can have severe consequences. An attacker who successfully exploits this vulnerability may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. CVE-2026-24017 (Critical – CVSS 8.1) This vulnerability shares similar characteristics to CVE-2025-54820 and is also remotely exploitable without authentication. If exploited, this vulnerability may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity. CVE-2026-24018 (High – CVSS 7.8) This is a local privilege escalation vulnerability that requires an attacker to already have low-level access to the system. Because exploitation is considered low complexity, an attacker who gains initial access through another vector may quickly escalate privileges. Successful exploitation may allow a local and unprivileged user to escalate their privileges to root.
EPSS 0.06% · 19.5th percentile
Risk Scores
Timeline
- Mar 10, 2026 CVE Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 12, 2026 CVE Updated
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Security Advisory
- Mar 17, 2026 Security Advisory
- Mar 17, 2026 Security Advisory
References
- https://ccb.belgium.be/advisories/warning-fortinet-patched-22-vulnerabilities-multiple-products-patch-immediately advisory
- https://fortiguard.fortinet.com/psirt?page=1&date=&severity=&product=&component=&version= vendor
- https://www.securityweek.com/fortinet-ivanti-intel-patch-high-severity-vulnerabilities/ technical