CVE-2021-26110

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below FortiProxy versions 2.0.1 and below, 1.2.9 and below

Description An improper access control issue may allow an authenticated low-privileged attacker to escalate their privileges to super admin via a specific crafted configuration of fabric automation CLI script and auto-script features.

Recommendations For FortiOS versions 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below, consider disabling the autod daemon until a patch is available. For FortiProxy versions 2.0.1 and below, 1.2.9 and below, restrict access to the autod daemon to minimize the risk of exploitation. As a temporary workaround, consider avoiding the use of fabric automation CLI script and auto-script features until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.