A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.