var-202207-0070
Vulnerability from variot
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, and 7.0.0 through 7.0.3 may allow a local, authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions on some folders and executable files on the system. A permission management vulnerability exists in FortiManager and FortiAnalyzer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager has a security vulnerability. Note that this description cites CWE-268, while the problem-type data in the record below lists CWE-269 (NVD evaluation); the vendor advisory referenced in the record is FG-IR-21-056.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0070", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortianalyzer", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortianalyzer", "scope": "lte", "trust": 1.0, "vendor": 
"fortinet", "version": "6.0.11" }, { "model": "fortimanager", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.11" }, { "model": "fortimanager", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.8" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "7.0.0" }, { "model": "fortianalyzer", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortianalyzer", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.8" }, { "model": "fortimanager", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.9" }, { "model": "fortimanager", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "7.0.4" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortimanager", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortianalyzer", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortianalyzer", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortimanager", "scope": null, "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { 
"CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.11", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.9", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.11", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.8", "versionStartIncluding": "6.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.8", "versionStartIncluding": "6.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-26118" } ] }, "cve": "CVE-2022-26118", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-015257", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-26118", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@fortinet.com", "id": "CVE-2022-26118", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-015257", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202207-410", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 
7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. FortiManager and FortiAnalyzer Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager has a security vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "VULHUB", "id": "VHN-416879" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-26118", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-015257", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202207-410", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022070535", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3267", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-416879", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-26118", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-416879" }, { "db": "VULMON", "id": "CVE-2022-26118" }, { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "id": "VAR-202207-0070", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-416879" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:06:38.868000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-056", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/fg-ir-21-056" }, { "title": "Fortinet FortiManager Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201342" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.1 }, { "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-416879" }, { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://fortiguard.com/psirt/fg-ir-21-056" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26118" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fortinet-fortimanager-fortianalyzer-privilege-escalation-38741" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-26118/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070535" } 
], "sources": [ { "db": "VULHUB", "id": "VHN-416879" }, { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-416879" }, { "db": "VULMON", "id": "CVE-2022-26118" }, { "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "db": "NVD", "id": "CVE-2022-26118" }, { "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-18T00:00:00", "db": "VULHUB", "id": "VHN-416879" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "date": "2022-07-18T18:15:09.070000", "db": "NVD", "id": "CVE-2022-26118" }, { "date": "2022-07-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-416879" }, { "date": "2023-09-26T05:03:00", "db": "JVNDB", "id": "JVNDB-2022-015257" }, { "date": "2022-07-25T14:12:44.407000", "db": "NVD", "id": "CVE-2022-26118" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-410" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-410" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiManager\u00a0 and \u00a0FortiAnalyzer\u00a0 Vulnerability in 
privilege management in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015257" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-410" } ], "trust": 0.6 } }