Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.
FortiManager and FortiAnalyzer are network management solutions that provide administrators with visibility into and control of tens of thousands of network devices at the same time. While FortiManager delivers full administration capabilities, FortiAnalyzer provides log management, analytics and reporting capabilities.
Tracked as CVE-2021-32589, the newly addressed vulnerability is a use-after-free bug that affects the fgfmsd daemon in FortiManager and FortiAnalyzer.
A remote, non-authenticated attacker may exploit the vulnerability by sending a specially crafted request to the fgfm port of a vulnerable device. Successful exploitation of the security hole could result in the attacker executing code with root privileges.
FGFM, Fortinet explains, is disabled by default on FortiAnalyzer. Users, however, can enable it on specific hardware models, including 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E.
Customers are advised to update to FortiManager and FortiAnalyzer versions 5.6.11, 6.0.11, 6.2.8, 6.4.6, and 7.0.1 or later, which include patches for the flaw. As a workaround, administrators can disable the FortiManager features on the FortiAnalyzer unit, Fortinet says.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has advised administrators to review Fortinet’s advisory and apply the patches as necessary.
“Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path,” CISA notes.
In an emailed comment, Fortinet said that it is not aware of the vulnerability being exploited in the wild, but that it is monitoring the situation.
“The security of our customers is our first priority. We have issued a patch and mitigations and we are proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Additionally, we recommend that customers validate their configuration to ensure that no unauthorized changes had been implemented by a malicious third party,” Fortinet told SecurityWeek.
Related: Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
Related: FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities
More from Ionut Arghire
- Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
- Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
- City of Dallas Details Ransomware Attack Impact, Costs
- In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
Latest News
- Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
- Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- City of Dallas Details Ransomware Attack Impact, Costs
- In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
