Skip to main content

Fortra FIM EUVDEUVD-2026-38636

| CVE-2026-12164 MEDIUM
Incorrect Privilege Assignment (CWE-266)
2026-06-23 Fortra GHSA-3x8g-cjc2-45qp
4.4
CVSS 3.1 · Vendor: Fortra
Share

Severity by source

Vendor (Fortra) PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
4.9 MEDIUM

PR:H reflects mandatory admin-level tetool access; I:H captures unauthorized permission elevation; C:N and A:N because no data exposure or service disruption occurs.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Fortra).

CVSS VectorVendor: Fortra

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch available
Jun 24, 2026 - 02:00 EUVD
CVSS changed
Jun 23, 2026 - 23:22 NVD
4.9 (MEDIUM) 4.4 (MEDIUM)
Analysis Generated
Jun 23, 2026 - 22:47 vuln.today

DescriptionCVE.org

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

AnalysisAI

Incorrect privilege assignment in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0 causes the tetool import command to assign elevated or incorrect effective permissions to newly created users when FIM is actively running during import. The flaw is compounded when the import operation also creates or modifies roles or role-permission relationships, meaning users may silently receive access levels beyond what was configured. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Admin executes tetool import while FIM service running
Delivery
Import includes role or permission relationship changes
Exploit
FIM assigns incorrect elevated permissions to new user
Execution
Elevated user gains unintended write access
Impact
User modifies integrity monitoring baselines or policies

Vulnerability AssessmentAI

Exploitation Exploitation requires all three of the following conditions to be simultaneously true: (1) an administrator executes the `tetool import` command while the Fortra FIM service is actively running - the defect does not trigger if the service is stopped during import; (2) the import file creates or modifies roles or role-permission relationships in addition to creating users - imports that only create users without touching role or permission mappings may not be affected; and (3) the attacker or beneficiary is the user account created by that import, meaning the elevated privilege must then be leveraged by a separate actor or the same admin account acting beyond its intended scope. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.9 (Medium) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N is internally consistent: exploitation requires high-privilege access (PR:H) to execute the `tetool` import, which meaningfully constrains the attacker population to FIM administrators. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An FIM administrator performs a routine bulk user provisioning task by running `tetool import` while the FIM service is actively running, including a configuration file that defines new users alongside updated roles and role-permission mappings. Due to the privilege assignment defect, one or more imported users receive effective permissions beyond their intended role - for example, gaining write access to integrity monitoring policies or the ability to approve baseline changes. …
Remediation Upgrade Fortra FIM to version 9.4.0 or later per the vendor advisory at https://www.fortra.com/security/advisories/product-security/fi-2026-010. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38636 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy