A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
Weakness
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortianalyzer | Fortinet | 6.4.0 (including) | 7.2.6 (excluding) |
| Fortianalyzer | Fortinet | 7.4.0 (including) | 7.4.4 (excluding) |
| Fortianalyzer_cloud | Fortinet | 6.4.1 (including) | 7.2.7 (excluding) |
| Fortianalyzer_cloud | Fortinet | 7.4.1 (including) | 7.4.3 (excluding) |
| Fortimanager | Fortinet | 6.4.0 (including) | 7.2.6 (excluding) |
| Fortimanager | Fortinet | 7.4.0 (including) | 7.4.4 (excluding) |
| Fortimanager_cloud | Fortinet | 7.0.1 (including) | 7.2.7 (excluding) |
| Fortimanager_cloud | Fortinet | 7.4.1 (including) | 7.4.4 (excluding) |