A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortianalyzer | Fortinet | 6.4.0 (including) | 7.2.6 (excluding) |
| Fortianalyzer | Fortinet | 7.4.0 (including) | 7.4.4 (excluding) |
| Fortianalyzer_cloud | Fortinet | 6.4.1 (including) | 7.2.7 (excluding) |
| Fortianalyzer_cloud | Fortinet | 7.4.1 (including) | 7.4.3 (excluding) |
| Fortimanager | Fortinet | 6.4.0 (including) | 7.2.6 (excluding) |
| Fortimanager | Fortinet | 7.4.0 (including) | 7.4.4 (excluding) |
| Fortimanager_cloud | Fortinet | 7.0.1 (including) | 7.2.7 (excluding) |
| Fortimanager_cloud | Fortinet | 7.4.1 (including) | 7.4.4 (excluding) |