FortiNAC - improper permissions set for tomcat users configuration file
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-178
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
An incorrect permission assignment for a critical resource vulnerability [CWE-732] in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin.
Escalation of privilege
FortiNAC version 9.2.0 and below.
FortiNAC version 9.1.3 and below.
FortiNAC version 8.8.9 and below.
Upgrade to upcoming FortiNAC version 10.0.0 or above.
Upgrade to FortiNAC version 9.2.1 or above.
Upgrade to FortiNAC version 9.1.4 or above.
Upgrade to FortiNAC version 8.8.10 or above.
Fortinet is pleased to thank the Orange CERT-CC team for reporting this vulnerability under responsible disclosure.
FortiNAC 9.2.0
FortiNAC 9.1.3
FortiNAC 9.1.2
FortiNAC 9.1.1
FortiNAC 9.1.0
FortiNAC 8.8.9
FortiNAC 8.8.8
FortiNAC 8.8.7
FortiNAC 8.8.6
FortiNAC 8.8.5
FortiNAC 8.8.4
FortiNAC 8.8.3
FortiNAC 8.8.2
FortiNAC 8.8.1
FortiNAC 8.8.0
CVE-2021-43065
FortiNAC-9.2.0
FortiNAC-9.1.3
FortiNAC-9.1.2
FortiNAC-9.1.1
FortiNAC-9.1.0
FortiNAC-8.8.9
FortiNAC-8.8.8
FortiNAC-8.8.7
FortiNAC-8.8.6
FortiNAC-8.8.5
FortiNAC-8.8.4
FortiNAC-8.8.3
FortiNAC-8.8.2
FortiNAC-8.8.1
FortiNAC-8.8.0
7.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-178