Fortinet has patched a high-severity use-after-free vulnerability (CVE-2021-32589) in the fgfmsd daemon of FortiManager and FortiAnalyzer. fgfmsd handles the FortiGate-to-FortiManager (FGFM) management protocol, so it listens on the network for connections from managed devices.
An unauthenticated remote attacker who can reach the fgfm port could exploit the flaw to execute arbitrary code as root and take full control of the affected appliance.
“A Use After Free (CWE-416) vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device,” Fortinet warned in the advisory.
Network administrators are strongly encouraged to upgrade to the following fixed versions:
- FortiManager:
  - 5.6.11 or above
  - 6.0.11 or above
  - 6.2.8 or above
  - 6.4.6 or above
- FortiAnalyzer:
  - 5.6.11 or above
  - 6.0.11 or above
  - 6.2.8 or above
  - 6.4.6 or above
  - 7.0.1 or above
Where an immediate upgrade is not possible, Fortinet's advisory offers a workaround for FortiAnalyzer only: disable the FortiManager features on the FortiAnalyzer unit (`config system global`, `set fmg-status disable`, `end`), which stops the vulnerable fgfmsd service from being exposed. No equivalent workaround is listed for FortiManager, since the FGFM service is its core function; those units need the upgrade. In either case, the fgfm port (TCP 541) should be reachable only from the managed devices and management networks that need it, never from the internet.
Readers may recall that this past April the FBI and CISA issued a joint cybersecurity advisory warning that APT actors were exploiting known Fortinet FortiOS vulnerabilities. That history underscores the urgency of patching internet-facing and management-plane vulnerabilities before threat actors start targeting them.