Privilege escalation vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-056 Final 1 1 2022-07-05T00:00:00 Current version 2022-07-05T00:00:00 2022-07-05T00:00:00 A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. None Escalation of privilege FortiManager version 6.0.0 through 6.0.11FortiManager version 6.2.0 through 6.2.9FortiManager version 6.4.0 through 6.4.7FortiManager version 7.0.0 through 7.0.3FortiAnalyzer version 6.0.0 through 6.0.11FortiAnalyzer version 6.2.0 through 6.2.9FortiAnalyzer version 6.4.0 through 6.4.7FortiAnalyzer version 7.0.0 through 7.0.3 Please upgrade to FortiManager version 6.4.8 or above.Please upgrade to FortiManager version 7.0.4 or above.Please upgrade to FortiManager version 7.2.0 or above.Please upgrade to FortiAnalyzer version 6.4.8 or above.Please upgrade to FortiAnalyzer version 7.0.4 or above.Please upgrade to FortiAnalyzer version 7.2.0 or above. Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure. CVE-2022-26118 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-056 Privilege escalation vulnerability Reference>