CVE-2023-26205: FortiGuard
An improper access control vulnerability [CWE-284] in the FortiADC automation feature, affecting 7.1.0 through 7.1.2 and all versions of 7.0, 6.2 and 6.1, may allow an authenticated, low-privileged attacker to escalate their privileges to super_admin via a specifically crafted configuration of a fabric automation CLI script.
FortiADC - Privilege escalation vulnerability using the automation cli-script feature
Summary
An improper access control vulnerability [CWE-284] in the FortiADC automation feature may allow an authenticated, low-privileged attacker to escalate their privileges to super_admin via a specifically crafted configuration of a fabric automation CLI script. Only the affected versions listed below, with their remediation, are within the scope of this advisory.
Version         Affected                 Solution
FortiADC 7.2    Not affected             Upgrade to 7.2.0 or above
FortiADC 7.1    7.1.0 through 7.1.2      Upgrade to 7.1.3 or above
FortiADC 7.0    7.0 all versions         Migrate to a fixed release
FortiADC 6.2    6.2 all versions         Migrate to a fixed release
FortiADC 6.1    6.1 all versions         Migrate to a fixed release
Note that the 7.0, 6.2 and 6.1 branches receive no fix: devices on those branches must move to 7.1.3 or above, or to 7.2.0 or above. Follow the recommended upgrade path using the Fortinet upgrade tool at: https://docs.fortinet.com/upgrade-tool
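Checking a fleet against the table above is where triage usually goes wrong: comparing version strings lexically sorts 7.1.10 before 7.1.3 and flags patched devices as vulnerable. The Python below is an added example, not part of the advisory or Fortinet's tooling. It encodes the affected ranges exactly as listed, compares versions numerically, and reports any version outside the listed branches as "not covered" rather than guessing. The hostnames and the "FortiADC-VM v7.1.2,build0450" string format in the sample inventory are constructed assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected branches from the advisory table, keyed by (major, minor).
# The value is the first fixed patch level in that branch, or None when the
# branch has no fixed release and the advisory says "migrate to a fixed release".
ADVISORY_BRANCHES: Dict[Tuple[int, int], Optional[int]] = {
    (7, 1): 3,      # 7.1.0 through 7.1.2 affected; upgrade to 7.1.3 or above
    (7, 0): None,   # 7.0 all versions affected
    (6, 2): None,   # 6.2 all versions affected
    (6, 1): None,   # 6.1 all versions affected
}
FIRST_UNAFFECTED_BRANCH = (7, 2)  # 7.2 is listed as not affected

# Matches the first x.y.z group in a string. Accepting surrounding text is an
# assumption so that strings like "FortiADC-VM v7.1.2,build0450" also parse;
# the advisory itself only lists bare x.y.z numbers.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Return (major, minor, patch) as integers, so 7.1.10 sorts after 7.1.3."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(text: str) -> dict:
    """Classify one FortiADC version against CVE-2023-26205.

    'affected' is True, False, or None (version not covered by the advisory table).
    """
    major, minor, patch = parse_version(text)
    result = {"version": f"{major}.{minor}.{patch}", "affected": None, "action": ""}
    branch = (major, minor)

    if branch >= FIRST_UNAFFECTED_BRANCH:
        result.update(affected=False, action="none: 7.2 and later are not affected")
    elif branch in ADVISORY_BRANCHES:
        fixed_patch = ADVISORY_BRANCHES[branch]
        if fixed_patch is None:
            result.update(affected=True,
                          action="migrate to a fixed release (7.1.3 or above, or 7.2.0 or above)")
        elif patch < fixed_patch:
            result.update(affected=True,
                          action=f"upgrade to {major}.{minor}.{fixed_patch} or above")
        else:
            result.update(affected=False, action="none: at or above the fixed release")
    else:
        result.update(action="not listed in the advisory table; confirm with vendor guidance")
    return result


def triage(inventory: List[Tuple[str, str]]) -> List[dict]:
    """Return one record per host that is affected or whose status is unknown."""
    findings = []
    for host, version_text in inventory:
        r = assess(version_text)
        if r["affected"] is not False:
            findings.append({"host": host, **r})
    return findings


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE_INVENTORY = [
    ("adc-edge-01", "FortiADC-VM v7.1.2,build0450"),
    ("adc-edge-02", "7.1.3"),
    ("adc-dc-01", "7.0.4"),
    ("adc-lab-01", "7.2.0"),
    ("adc-legacy-01", "6.2.6"),
    ("adc-old-01", "5.4.5"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']:14} {f['version']:8} affected={f['affected']!s:5} -> {f['action']}")
```

The three-valued `affected` field is deliberate: a device on a branch the advisory does not mention (here 5.4.5) is surfaced for manual follow-up instead of silently passing as clean.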
Acknowledgement
Internally discovered and reported by Wilfried Djettchou of the Fortinet Product Security team.
Timeline
2023-11-07: Initial publication