Read-Only user able to modify system files

Read-Only user able to modify system files Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-215 Final 1 1 2022-09-06T00:00:00 Current version 2022-09-06T00:00:00 2022-09-06T00:00:00 An improper privilege management vulnerability [CWE-269] in FortiADC and FortiDDoS-F may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. None Improper access control FortiDDoS-F version 6.3.0FortiDDoS-F 6.2 all versions are not affectedFortiDDoS-F 6.1 all versions are not affectedAt leastFortiADC 7.1 all versions are not affectedFortiADC 7.0 all versions are not affectedFortiADC version 6.2.0 through 6.2.1FortiADC version 6.1.0 through 6.1.5FortiADC 6.0 all versionsFortiADC 5.4 all versionsFortiADC 5.3 all versionsFortiADC 5.2 all versions are not affectedFortiADC 5.1 all versions are not affected Please upgrade to FortiADC version 6.2.2 or above.Please upgrade to FortiADC version 7.0.0 or above.Please upgrade to FortiDDoS-F version 6.3.1 or abovePlease upgrade to FortiDDoS-F version 6.2.3 or abovePlease upgrade to FortiDDoS-F version 6.1.5 or above Fortinet is pleased to thank Danilo Costa from Conviso Application Security for reporting this vulnerability under responsible disclosure. FortiADC 6.2.1 FortiADC 6.2.0 FortiADC 6.1.5 FortiADC 6.1.4 FortiADC 6.1.3 FortiADC 6.1.2 FortiADC 6.1.1 FortiADC 6.1.0 FortiADC 6.0.4 FortiADC 6.0.3 FortiADC 6.0.2 FortiADC 6.0.1 FortiADC 6.0.0 FortiADC 5.4.5 FortiADC 5.4.4 FortiADC 5.4.3 FortiADC 5.4.2 FortiADC 5.4.1 FortiADC 5.4.0 FortiADC 5.3.7 FortiADC 5.3.6 FortiADC 5.3.5 FortiADC 5.3.4 FortiADC 5.3.3 FortiADC 5.3.2 FortiADC 5.3.1 FortiADC 5.3.0 FortiDDoS-F 6.3.0 Read-Only user able to modify system files CVE-2021-43076 FortiADC-6.2.1 FortiADC-6.2.0 FortiADC-6.1.5 FortiADC-6.1.4 FortiADC-6.1.3 FortiADC-6.1.2 FortiADC-6.1.1 FortiADC-6.1.0 FortiADC-6.0.4 FortiADC-6.0.3 FortiADC-6.0.2 FortiADC-6.0.1 FortiADC-6.0.0 FortiADC-5.4.5 FortiADC-5.4.4 FortiADC-5.4.3 FortiADC-5.4.2 FortiADC-5.4.1 FortiADC-5.4.0 FortiADC-5.3.7 FortiADC-5.3.6 FortiADC-5.3.5 FortiADC-5.3.4 FortiADC-5.3.3 FortiADC-5.3.2 FortiADC-5.3.1 FortiADC-5.3.0 FortiDDoS-F-6.3.0 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-21-215 Read-Only user able to modify system files Reference>