CVE-2021-26089 – Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2021-26089

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. Un seguimiento inapropiado de los enlaces simbólicos en FortiClient para Mac versiones 6.4.3 y por debajo, puede permitir a un usuario no privilegiado ejecutar comandos de shell con privilegios arbitrarios durante la fase de instalación This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FortiClient installer. The issue lies in the lack of proper permissions set on log files created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://fortiguard.com/advisory/FG-IR-21-022 https://www.zerodayinitiative.com/advisories/ZDI-22-078 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •