PSIRT Advisories

FortiManager & FortiAnalyzer - Privilege escalation vulnerability

Summary

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

Affected Products

FortiManager version 6.0.0 through 6.0.11
FortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.3
FortiAnalyzer version 6.0.0 through 6.0.11
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer version 7.0.0 through 7.0.3

Solutions

Please upgrade to FortiManager version 6.4.8 or above.
Please upgrade to FortiManager version 7.0.4 or above.
Please upgrade to FortiManager version 7.2.0 or above.
Please upgrade to FortiAnalyzer version 6.4.8 or above.
Please upgrade to FortiAnalyzer version 7.0.4 or above.
Please upgrade to FortiAnalyzer version 7.2.0 or above.

Acknowledgement

Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure.