Privilege escalation vulnerability using the automation script feature Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-131 Final 1 1 2021-12-07T00:00:00 Current version 2021-12-07T00:00:00 2021-12-07T00:00:00 An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. Improper access control FortiOS version 7.0.0FortiOS versions 6.4.6 and below.FortiOS versions 6.2.9 and below.FortiOS versions 6.0.12 and below.FortiOS 5.6 all versionsFortiProxy versions 2.0.1 and below.FortiProxy versions 1.2.9 and below.FortiProxy versions 1.1.xFortiProxy versions 1.0.x Please upgrade to FortiOS version 7.0.1 or above.Please upgrade to FortiOS version 6.4.7 or above.Please upgrade to FortiOS version 6.2.10 or above.Please upgrade to FortiOS version 6.0.13 or above.For new high-end F-Series Models (FG-1800F, FG-3800F, FG-4200F, FG-4400F) please upgrade to 6.2.9Please upgrade to FortiProxy version 2.0.2 or above.Please upgrade to FortiProxy version 1.2.10 or above. CVE-2021-26110 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-131 Privilege escalation vulnerability using the automation script feature Reference>