Improper permissions set for tomcat users configuration file Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-178 Final 1 1 2021-12-07T00:00:00 Current version 2021-12-07T00:00:00 2021-12-07T00:00:00 An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin. Escalation of privilege FortiNAC version 9.2.0 and below.FortiNAC version 9.1.3 and below.FortiNAC version 8.8.9 and below. Upgrade to upcoming FortiNAC version 10.0.0 or above.Upgrade to FortiNAC version 9.2.1 or above.Upgrade to FortiNAC version 9.1.4 or above.Upgrade to FortiNAC version 8.8.10 or above. Fortinet is pleased to thank the Orange CERT-CC team for reporting this vulnerability under responsible disclosure. CVE-2021-43065 7.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-178 Improper permissions set for tomcat users configuration file Reference>