🟠 High | Source: Schneier on Security
FIFA’s internal network was found to contain a significant vulnerability that could be exploited by anyone with even minimal legitimate access, such as a contractor or low-privileged user. The flaw reportedly allowed lateral movement or escalation far beyond what a user should normally be able to access. This highlights systemic weaknesses in network segmentation and access controls within a high-profile global organisation.
Security Architect’s Take: Review your network segmentation strategy to ensure that minimal or guest-level access cannot be leveraged to traverse internal systems — implement zero-trust principles, enforce least-privilege access controls, and conduct regular internal penetration tests simulating low-privileged insider threat scenarios.
Original advisory: Vulnerability in FIFA’s Network