Security Experts:

Fortinet Patches Remote Code Execution Vulnerability in FortiManager, FortiAnalyzer

Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.

FortiManager and FortiAnalyzer are network management solutions that provide administrators with visibility into and control of tens of thousands of network devices at the same time. While FortiManager delivers full administration capabilities, FortiAnalyzer provides log management, analytics and reporting capabilities.

Tracked as CVE-2021-32589, the newly addressed vulnerability is a use-after-free bug that affects the fgfmsd daemon in FortiManager and FortiAnalyzer.

A remote, non-authenticated attacker may exploit the vulnerability by sending a specially crafted request to the fgfm port of a vulnerable device. Successful exploitation of the security hole could result in the attacker executing code with root privileges.

FGFM, Fortinet explains, is disabled by default on FortiAnalyzer. Users, however, can enable it on specific hardware models, including 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E.

Customers are advised to update to FortiManager and FortiAnalyzer versions 5.6.11, 6.0.11, 6.2.8, 6.4.6, and 7.0.1 or later, which include patches for the flaw. As a workaround, administrators can disable the FortiManager features on the FortiAnalyzer unit, Fortinet says.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has advised administrators to review Fortinet’s advisory and apply the patches as necessary.

“Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path,” CISA notes.

In an emailed comment, Fortinet said that it is not aware of the vulnerability being exploited in the wild, but that it is monitoring the situation.

“The security of our customers is our first priority. We have issued a patch and mitigations and we are proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Additionally, we recommend that customers validate their configuration to ensure that no unauthorized changes had been implemented by a malicious third party,” Fortinet told SecurityWeek.

Related: Vulnerabilities Expose Fortinet Firewalls to Remote Attacks

Related: FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities

view counter