PSIRT Advisories
FortiSOAR - Privilege escalation from nginx user to root
Summary
An improper privilege management vulnerability [CWE-269] in FortiSOAR may allow a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
Affected Products
FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.2
FortiSOAR version 6.4.0 through 6.4.4
Solutions
Please upgrade to FortiSOAR version 7.2.1 or above
Please upgrade to FortiSOAR version 7.0.3 or above