🟠 High  |  Source: Schneier on Security


FIFA’s internal network was found to contain a significant vulnerability that could be exploited by anyone with even minimal legitimate access, such as a contractor or low-privileged user. The flaw reportedly allowed lateral movement or escalation far beyond what a user should normally be able to access. This highlights systemic weaknesses in network segmentation and access controls within a high-profile global organisation.

Security Architect’s Take: Review your network segmentation strategy to ensure that minimal or guest-level access cannot be leveraged to traverse internal systems — implement zero-trust principles, enforce least-privilege access controls, and conduct regular internal penetration tests simulating low-privileged insider threat scenarios.

Original advisory: Vulnerability in FIFA’s Network