vulnerability

Fortinet FortiManager: Improper Privilege Management (CVE-2022-26118)

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:M/C:C/I:C/A:C)

Published

Jul 18, 2022

Added

Nov 14, 2022

Modified

Apr 7, 2026

Description

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

Solutions

fortinet-fortimanager-upgrade-6_0_12fortinet-fortimanager-upgrade-6_2_10fortinet-fortimanager-upgrade-6_4_9fortinet-fortimanager-upgrade-7_0_4

References

CVE-2022-26118
https://attackerkb.com/topics/CVE-2022-26118
CWE-269
EUVD-EUVD-2022-30685
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-30685
https://fortiguard.com/psirt/FG-IR-21-056

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report