Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
PR:H reflects mandatory admin-level tetool access; I:H captures unauthorized permission elevation; C:N and A:N because no data exposure or service disruption occurs.
Primary rating from Vendor (Fortra).
CVSS VectorVendor: Fortra
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.
AnalysisAI
Incorrect privilege assignment in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0 causes the tetool import command to assign elevated or incorrect effective permissions to newly created users when FIM is actively running during import. The flaw is compounded when the import operation also creates or modifies roles or role-permission relationships, meaning users may silently receive access levels beyond what was configured. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all three of the following conditions to be simultaneously true: (1) an administrator executes the `tetool import` command while the Fortra FIM service is actively running - the defect does not trigger if the service is stopped during import; (2) the import file creates or modifies roles or role-permission relationships in addition to creating users - imports that only create users without touching role or permission mappings may not be affected; and (3) the attacker or beneficiary is the user account created by that import, meaning the elevated privilege must then be leveraged by a separate actor or the same admin account acting beyond its intended scope. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.9 (Medium) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N is internally consistent: exploitation requires high-privilege access (PR:H) to execute the `tetool` import, which meaningfully constrains the attacker population to FIM administrators. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An FIM administrator performs a routine bulk user provisioning task by running `tetool import` while the FIM service is actively running, including a configuration file that defines new users alongside updated roles and role-permission mappings. Due to the privilege assignment defect, one or more imported users receive effective permissions beyond their intended role - for example, gaining write access to integrity monitoring policies or the ability to approve baseline changes. … |
| Remediation | Upgrade Fortra FIM to version 9.4.0 or later per the vendor advisory at https://www.fortra.com/security/advisories/product-security/fi-2026-010. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38636
GHSA-3x8g-cjc2-45qp