FortiManager & FortiAnalyzer - Privilege escalation vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-056
Final
1
1
2022-07-05T00:00:00
Current version
2022-07-05T00:00:00
2022-07-05T00:00:00
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
None
Escalation of privilege
FortiManager version 6.0.0 through 6.0.11
FortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.3
FortiAnalyzer version 6.0.0 through 6.0.11
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer version 7.0.0 through 7.0.3
Please upgrade to FortiManager version 6.4.8 or above.
Please upgrade to FortiManager version 7.0.4 or above.
Please upgrade to FortiManager version 7.2.0 or above.
Please upgrade to FortiAnalyzer version 6.4.8 or above.
Please upgrade to FortiAnalyzer version 7.0.4 or above.
Please upgrade to FortiAnalyzer version 7.2.0 or above.
Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure.
FortiAnalyzer 7.0.3
FortiAnalyzer 7.0.2
FortiAnalyzer 7.0.1
FortiAnalyzer 7.0.0
FortiAnalyzer 6.4.7
FortiAnalyzer 6.4.6
FortiAnalyzer 6.4.5
FortiAnalyzer 6.4.4
FortiAnalyzer 6.4.3
FortiAnalyzer 6.4.2
FortiAnalyzer 6.4.1
FortiAnalyzer 6.4.0
FortiAnalyzer 6.2.11
FortiAnalyzer 6.2.10
FortiAnalyzer 6.2.9
FortiAnalyzer 6.2.8
FortiAnalyzer 6.2.7
FortiAnalyzer 6.2.6
FortiAnalyzer 6.2.5
FortiAnalyzer 6.2.4
FortiAnalyzer 6.2.3
FortiAnalyzer 6.2.2
FortiAnalyzer 6.2.1
FortiAnalyzer 6.2.0
FortiAnalyzer 6.0.12
FortiAnalyzer 6.0.11
FortiAnalyzer 6.0.10
FortiAnalyzer 6.0.9
FortiAnalyzer 6.0.8
FortiAnalyzer 6.0.7
FortiAnalyzer 6.0.6
FortiAnalyzer 6.0.5
FortiAnalyzer 6.0.4
FortiAnalyzer 6.0.3
FortiAnalyzer 6.0.2
FortiAnalyzer 6.0.1
FortiAnalyzer 6.0.0
FortiManager 7.0.3
FortiManager 7.0.2
FortiManager 7.0.1
FortiManager 7.0.0
FortiManager 6.4.7
FortiManager 6.4.6
FortiManager 6.4.5
FortiManager 6.4.4
FortiManager 6.4.3
FortiManager 6.4.2
FortiManager 6.4.1
FortiManager 6.4.0
FortiManager 6.2.12
FortiManager 6.2.11
FortiManager 6.2.10
FortiManager 6.2.9
FortiManager 6.2.8
FortiManager 6.2.7
FortiManager 6.2.6
FortiManager 6.2.5
FortiManager 6.2.4
FortiManager 6.2.3
FortiManager 6.2.2
FortiManager 6.2.1
FortiManager 6.2.0
FortiManager 6.0.12
FortiManager 6.0.11
FortiManager 6.0.10
FortiManager 6.0.9
FortiManager 6.0.8
FortiManager 6.0.7
FortiManager 6.0.6
FortiManager 6.0.5
FortiManager 6.0.4
FortiManager 6.0.3
FortiManager 6.0.2
FortiManager 6.0.1
FortiManager 6.0.0
CVE-2022-26118
6.5
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-056