A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortianalyzer | Fortinet | 6.0.0 (including) | 6.0.11 (including) |
| Fortianalyzer | Fortinet | 6.2.0 (including) | 6.2.9 (including) |
| Fortianalyzer | Fortinet | 6.4.0 (including) | 6.4.8 (excluding) |
| Fortianalyzer | Fortinet | 7.0.0 (including) | 7.0.4 (excluding) |
| Fortimanager | Fortinet | 6.0.0 (including) | 6.0.11 (including) |
| Fortimanager | Fortinet | 6.2.0 (including) | 6.2.9 (including) |
| Fortimanager | Fortinet | 6.4.0 (including) | 6.4.8 (excluding) |
| Fortimanager | Fortinet | 7.0.0 (including) | 7.0.4 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html