Connect with us

Hi, what are you looking for?



Fortinet Patches Remote Code Execution Vulnerability in FortiManager, FortiAnalyzer

Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.

Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.

FortiManager and FortiAnalyzer are network management solutions that provide administrators with visibility into and control of tens of thousands of network devices at the same time. While FortiManager delivers full administration capabilities, FortiAnalyzer provides log management, analytics and reporting capabilities.

Tracked as CVE-2021-32589, the newly addressed vulnerability is a use-after-free bug that affects the fgfmsd daemon in FortiManager and FortiAnalyzer.

A remote, non-authenticated attacker may exploit the vulnerability by sending a specially crafted request to the fgfm port of a vulnerable device. Successful exploitation of the security hole could result in the attacker executing code with root privileges.

FGFM, Fortinet explains, is disabled by default on FortiAnalyzer. Users, however, can enable it on specific hardware models, including 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E.

Customers are advised to update to FortiManager and FortiAnalyzer versions 5.6.11, 6.0.11, 6.2.8, 6.4.6, and 7.0.1 or later, which include patches for the flaw. As a workaround, administrators can disable the FortiManager features on the FortiAnalyzer unit, Fortinet says.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has advised administrators to review Fortinet’s advisory and apply the patches as necessary.

Advertisement. Scroll to continue reading.

“Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path,” CISA notes.

In an emailed comment, Fortinet said that it is not aware of the vulnerability being exploited in the wild, but that it is monitoring the situation.

“The security of our customers is our first priority. We have issued a patch and mitigations and we are proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Additionally, we recommend that customers validate their configuration to ensure that no unauthorized changes had been implemented by a malicious third party,” Fortinet told SecurityWeek.

Related: Vulnerabilities Expose Fortinet Firewalls to Remote Attacks

Related: FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.