Firewall policy bypass in FSSO Terminal Services Agent

Severity: Low Risk (3.8) | Advisory ID: FG-IR-25-384 | Date: Feb 10, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
  • Attack Vector: Local
  • Auth Required: Low
  • Complexity: High
  • User Interaction: None needed
Summary

An improper access control vulnerability in the FSSO Terminal Services Agent allows an authenticated local user to bypass firewall policies. The vulnerability affects FortiOS versions 7.0 through 7.6.4, with fixes available for 7.6.5+ and migration paths required for older branches. This is not a remotely exploitable issue but poses a risk if local access is compromised or if administrative credentials are not properly segregated.

What this means
What could happen
An authenticated local user could bypass firewall security policies enforced by the FSSO (Fortinet Single Sign-On) Terminal Services Agent, potentially allowing unauthorized traffic or access to restricted network segments.
Who's at risk
This affects organizations running Fortinet FortiOS firewalls, particularly those using FSSO Terminal Services Agent for centralized user authentication and policy enforcement. Any utility or municipality using FortiOS to protect control network segments or to enforce policy on engineering workstations should assess their version and authentication posture.
How it could be exploited
An attacker with local access to a FortiOS system (or compromised engineering workstation credentials) could manipulate FSSO Terminal Services Agent authentication to bypass firewall policies. This requires a local privilege level and interaction with the FSSO mechanism, making it a low-complexity but locally scoped attack.
Prerequisites
  • Local or local-network access to the FortiOS management interface
  • Low-level user credentials (privilege level 1 or higher)
  • Access to the system where the FSSO Terminal Services Agent is running
  • A FortiOS version in the affected range (7.0–7.6.4)
Key points
  • Low CVSS score, but exploitable with local access
  • Affects all versions 7.0–7.6.4
  • FSSO is commonly used in enterprise networks for centralized access control
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
FortiOS | 7.6.0 - 7.6.4     | 7.6.5+
FortiOS | 7.2 all versions  | Migrate to fixed release
FortiOS | 7.0 all versions  | Migrate to fixed release
FortiOS | 7.4.0 - 7.4.9     | 7.6.5+
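As an added example (not part of the advisory), the following script checks an inventory of FortiOS version strings against the affected ranges in the table above and reports the action for each device; the hostnames, version strings, build number and the inventory format are constructed assumptions, and the ranges follow the table literally (so 7.4.10 is treated as outside the affected 7.4.0 - 7.4.9 range).

```python
"""Added example, not from the advisory: flag FortiOS versions that fall in
the FG-IR-25-384 affected ranges, using the advisory's own version table."""
import re
from typing import Dict, Optional, Tuple

# Inclusive (low, high) ranges copied from the advisory table; the
# "all versions" branches get a large upper patch number.
AFFECTED_RANGES = (
    ((7, 0, 0), (7, 0, 999)),  # 7.0 all versions: migrate to fixed release
    ((7, 2, 0), (7, 2, 999)),  # 7.2 all versions: migrate to fixed release
    ((7, 4, 0), (7, 4, 9)),    # 7.4.0 - 7.4.9: fixed in 7.6.5+
    ((7, 6, 0), (7, 6, 4)),    # 7.6.0 - 7.6.4: fixed in 7.6.5+
)
FIXED_RELEASE = (7, 6, 5)

def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """major.minor.patch from 'v7.6.4' or 'FortiOS 7.2.11,build0000'."""
    m = re.search(r"\bv?(\d+)\.(\d+)\.(\d+)\b", text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)

def is_affected(version: str) -> bool:
    """True inside any affected range; tuple comparison puts 7.4.10 > 7.4.9."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unparseable FortiOS version: {version!r}")
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host of a {hostname: version string} inventory to an action."""
    target = ".".join(str(n) for n in FIXED_RELEASE)
    actions = {}
    for host, ver in inventory.items():
        if parse_version(ver) is None:
            actions[host] = "unknown version, verify manually"
        elif is_affected(ver):
            actions[host] = f"affected, update to {target} or later"
        else:
            actions[host] = "not in affected range"
    return actions

# Constructed sample inventory: hostnames, versions and build are made up.
SAMPLE_INVENTORY = {
    "fw-ot-edge-01": "FortiOS v7.6.4,build0000",
    "fw-eng-dmz-02": "v7.4.10",
    "fw-plant-03": "7.2.11",
    "fw-legacy-04": "firmware string missing",
}
```

Run `triage(SAMPLE_INVENTORY)` against your own export of device firmware strings; anything reported as unknown should be checked by hand rather than assumed safe.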
Remediation & Mitigation
Do now
FortiOS
  • HARDENING: Restrict local access to the FortiOS management interface to authorized engineering and operations staff only
All products
  • WORKAROUND: Disable the FSSO Terminal Services Agent if it is not actively used in your authentication workflow
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
FortiOS
  • HOTFIX: Update FortiOS 7.6.x deployments to version 7.6.5 or later
  • HOTFIX: Migrate FortiOS 7.4.x and 7.2.x deployments to a fixed release branch (7.6.5+)
Long-term hardening
FortiOS
  • HARDENING: Implement network segmentation to limit which devices can reach the FortiOS management plane
API: /api/v1/advisories/e31c64a8-f262-4ca5-9fdc-d03054a1d21e