Unrated severity · NVD Advisory · Published Jul 18, 2022 · Updated Oct 25, 2024
CVE-2022-26118
Description
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
Affected products
- (no CPE) range: >=6.0.0, <=6.0.x; >=6.2.0, <=6.2.x; >=6.4.0, <=6.4.7; >=7.0.0, <=7.0.3
- (no CPE) range: FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3
- Range: >=6.0.0, <=6.0.x; >=6.2.0, <=6.2.x; >=6.4.0, <=6.4.7; >=7.0.0, <=7.0.3
References
- fortiguard.com/psirt/FG-IR-21-056 (mitre, x_refsource_CONFIRM)