VYPR
Unrated severityNVD Advisory· Published Jul 18, 2022· Updated Oct 25, 2024

CVE-2022-26118

CVE-2022-26118

Description

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

Affected products

3
  • Fortinet/Fortianalyzerllm-fuzzy2 versions
    >=6.0.0, <=6.0.x; >=6.2.0, <=6.2.x; >=6.4.0, <=6.4.7; >=7.0.0, <=7.0.3+ 1 more
    • (no CPE)range: >=6.0.0, <=6.0.x; >=6.2.0, <=6.2.x; >=6.4.0, <=6.4.7; >=7.0.0, <=7.0.3
    • (no CPE)range: FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3
  • Range: >=6.0.0, <=6.0.x; >=6.2.0, <=6.2.x; >=6.4.0, <=6.4.7; >=7.0.0, <=7.0.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.