CVE-2022-26118

Published: Jul 18, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

Affected (8)

Products: Fortinet: Fortianalyzer, Fortimanager

Fortinet

2 products

Fortianalyzer

Fortimanager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	From 6.0.0 to 6.0.11
Fortinet Fortianalyzer	From 6.2.0 to 6.2.9
Fortinet Fortianalyzer	From 6.4.0 to 6.4.8
Fortinet Fortianalyzer	From 7.0.0 to 7.0.4
Fortinet Fortimanager	From 6.0.0 to 6.0.11
Fortinet Fortimanager	From 6.2.0 to 6.2.9
Fortinet Fortimanager	From 6.4.0 to 6.4.8
Fortinet Fortimanager	From 7.0.0 to 7.0.4

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://fortiguard.com/psirt/FG-IR-21-056

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-21-056

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.