Privilege Escalation in FortiManager and FortiAnalyzer by Fortinet
CVE-2022-26118

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager , Fortianalyzer
Vendor: CVE Published:; 18 July 2022

Summary

A privilege chaining vulnerability exists in FortiManager and FortiAnalyzer, where local authenticated attackers with restricted shell access can exploit incorrect permissions on certain folders and executable files. This weakness allows them to escalate their privileges to root, leading to unauthorized access and potential compromise of system integrity.

Affected Version(s)

Fortinet FortiManager , FortiAnalyzer FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3

References

https://fortiguard.com/psirt/FG-IR-21-056

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Feb 25, 2022