ID

VAR-202207-0070


CVE

CVE-2022-26118


TITLE

FortiManager and FortiAnalyzer Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015257

DESCRIPTION

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. FortiManager and FortiAnalyzer contain a permission management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager has a security vulnerability.

Trust: 1.71

sources: NVD: CVE-2022-26118 // JVNDB: JVNDB-2022-015257 // VULHUB: VHN-416879

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.2.9

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lt, version: 6.4.8

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lte, version: 6.2.9

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lt, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lt, version: 6.4.8

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lt, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 6.2.0

Trust: 1.0

vendor: フォーティネット, model: fortianalyzer, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimanager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015257 // NVD: CVE-2022-26118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26118
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-26118
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-015257
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-410
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-26118
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-015257
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015257 // CNNVD: CNNVD-202207-410 // NVD: CVE-2022-26118 // NVD: CVE-2022-26118

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-416879 // JVNDB: JVNDB-2022-015257 // NVD: CVE-2022-26118

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-410

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-410

PATCH

title: FG-IR-21-056, url: https://www.fortiguard.com/psirt/FG-IR-21-056

Trust: 0.8

title: Fortinet FortiManager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201342

Trust: 0.6

sources: JVNDB: JVNDB-2022-015257 // CNNVD: CNNVD-202207-410

EXTERNAL IDS

db: NVD, id: CVE-2022-26118

Trust: 3.4

db: JVNDB, id: JVNDB-2022-015257

Trust: 0.8

db: CNNVD, id: CNNVD-202207-410

Trust: 0.7

db: CS-HELP, id: SB2022070535

Trust: 0.6

db: AUSCERT, id: ESB-2022.3267

Trust: 0.6

db: VULHUB, id: VHN-416879

Trust: 0.1

db: VULMON, id: CVE-2022-26118

Trust: 0.1

sources: VULHUB: VHN-416879 // VULMON: CVE-2022-26118 // JVNDB: JVNDB-2022-015257 // CNNVD: CNNVD-202207-410 // NVD: CVE-2022-26118

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-056

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-26118

Trust: 0.8

url:https://vigilance.fr/vulnerability/fortinet-fortimanager-fortianalyzer-privilege-escalation-38741

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26118/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3267

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070535

Trust: 0.6

sources: VULHUB: VHN-416879 // JVNDB: JVNDB-2022-015257 // CNNVD: CNNVD-202207-410 // NVD: CVE-2022-26118

SOURCES

db: VULHUB, id: VHN-416879
db: VULMON, id: CVE-2022-26118
db: JVNDB, id: JVNDB-2022-015257
db: CNNVD, id: CNNVD-202207-410
db: NVD, id: CVE-2022-26118

LAST UPDATE DATE

2024-08-14T13:22:03.884000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-416879, date: 2022-07-25T00:00:00
db: JVNDB, id: JVNDB-2022-015257, date: 2023-09-26T05:03:00
db: CNNVD, id: CNNVD-202207-410, date: 2022-07-26T00:00:00
db: NVD, id: CVE-2022-26118, date: 2022-07-25T14:12:44.407

SOURCES RELEASE DATE

db: VULHUB, id: VHN-416879, date: 2022-07-18T00:00:00
db: JVNDB, id: JVNDB-2022-015257, date: 2023-09-26T00:00:00
db: CNNVD, id: CNNVD-202207-410, date: 2022-07-05T00:00:00
db: NVD, id: CVE-2022-26118, date: 2022-07-18T18:15:09.070