FortiNAC - Privilege escalation via sudo command

Summary

An improper privilege management vulnerability [CWE-269] in FortiNAC may allow a low-privilege local user with shell access to execute arbitrary commands as root.

Affected Products

FortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
FortiNAC version 9.1.0 through 9.1.8
FortiNAC all versions 8.8, 8.7, 8.6, 8.5, 8.3

Solutions

Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above
Please upgrade to FortiNAC version 9.1.9 or above
Please upgrade to FortiNAC version 7.2.0 or above

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.