Fortinet FortiOS, FortiProxy, and FortiPAM Improper Privilege Management Vulnerability Allowing Trusted Host Policy Bypass

Vulnerability

An improper privilege management vulnerability has been identified in several Fortinet products. The affected releases are FortiOS 7.6.0 through 7.6.3 and every release of FortiOS 7.4, 7.2, 7.0 and 6.4; FortiPAM 1.6.0 and every release of FortiPAM 1.5, 1.4, 1.3, 1.2, 1.1 and 1.0; and FortiProxy 7.6.0 through 7.6.3 and every release of FortiProxy 7.4, 7.2 and 7.0. The flaw may allow an authenticated administrator to bypass the trusted host policy by using crafted CLI commands.

Impact

The trusted host policy restricts each administrator account to a configured set of source IP addresses or subnets from which it may log in. An administrator who exploits this vulnerability can escape that restriction, so a compromised or malicious administrator account gains access that the trusted host policy was meant to deny; the advisory classifies this as unauthorized privilege escalation. The attacker must already hold valid administrator credentials, so the bug weakens a defence-in-depth control rather than granting initial access.

Remediation

FortiOS users should upgrade to version 7.6.4 or above; because this advisory lists every release of the 7.4, 7.2, 7.0 and 6.4 branches as affected and names no fixed release on them, customers on those branches must migrate to the 7.6 branch. FortiPAM users should upgrade to version 1.6.1 or above. FortiProxy users should upgrade to version 7.6.4 or above; as with FortiOS, the 7.4, 7.2 and 7.0 branches are listed as affected in their entirety. Instructions for migrating to a fixed release can be found in Fortinet's upgrade tool.
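As an added check, not part of this advisory or of Fortinet's own tooling, the following Python script classifies a running version against the version ranges stated above. It assumes the version text is either a bare "major.minor.patch" string or the "Version: ... vX.Y.Z,build..." line printed by the FortiOS CLI command `get system status`; the sample status line and its build number are constructed, and the `ADVISORY` table simply transcribes the ranges from this page.

```python
import re
from typing import Optional, Tuple

# Affected and fixed ranges transcribed from the advisory text above.
# "affected_ranges" are inclusive [low, high] patch ranges; entries in
# "affected_branches" mean every release on that major.minor branch is
# affected; "fixed_from" is the first release the advisory calls fixed.
ADVISORY = {
    "FortiOS": {
        "affected_ranges": [((7, 6, 0), (7, 6, 3))],
        "affected_branches": [(7, 4), (7, 2), (7, 0), (6, 4)],
        "fixed_from": (7, 6, 4),
    },
    "FortiProxy": {
        "affected_ranges": [((7, 6, 0), (7, 6, 3))],
        "affected_branches": [(7, 4), (7, 2), (7, 0)],
        "fixed_from": (7, 6, 4),
    },
    "FortiPAM": {
        "affected_ranges": [((1, 6, 0), (1, 6, 0))],
        "affected_branches": [(1, 5), (1, 4), (1, 3), (1, 2), (1, 1), (1, 0)],
        "fixed_from": (1, 6, 1),
    },
}

# Matches "7.6.3" or "v7.6.3"; the first such token in a status line is the
# firmware version (assumption: the status line has no earlier x.y.z token).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a bare version or a status line.

    Returns None when no version token is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def assess(product: str, version_text: str) -> str:
    """Classify product/version against the advisory.

    Returns "affected", "fixed", or "not listed". "not listed" means the
    advisory says nothing about that branch (e.g. FortiOS 6.2); treat it as
    unknown rather than safe.
    """
    spec = ADVISORY[product]
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no version found in {version_text!r}")
    # Anything at or past the fixed release is fixed, including later branches.
    if v >= spec["fixed_from"]:
        return "fixed"
    for low, high in spec["affected_ranges"]:
        if low <= v <= high:
            return "affected"
    if v[:2] in spec["affected_branches"]:
        return "affected"
    return "not listed"


if __name__ == "__main__":
    # Constructed sample of what `get system status` prints on a FortiGate.
    status_line = "Version: FortiGate-100F v7.4.8,build2795,250523 (GA.M)"
    print("FortiOS", status_line, "->", assess("FortiOS", status_line))
    print("FortiOS 7.6.4 ->", assess("FortiOS", "7.6.4"))
    print("FortiOS 6.2.15 ->", assess("FortiOS", "6.2.15"))
    print("FortiPAM v1.6.0 ->", assess("FortiPAM", "v1.6.0"))
    print("FortiProxy v7.2.11 ->", assess("FortiProxy", "v7.2.11"))
```

The "not listed" result is deliberate: a branch the advisory does not mention (such as FortiOS 6.2) is not evidence that the branch is unaffected, only that it was not evaluated here, so it should be escalated rather than closed.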

Added: Nov 18, 2025, 5:30 PM
Updated: Nov 18, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          6.8
impact          7.5
exploitability  4.4
remediation     7.7
relevance       1.1
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.