Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.
FortiManager and FortiAnalyzer are network management solutions that provide administrators with visibility into and control of tens of thousands of network devices at the same time. While FortiManager delivers full administration capabilities, FortiAnalyzer provides log management, analytics and reporting capabilities.
Tracked as CVE-2021-32589, the newly addressed vulnerability is a use-after-free bug that affects the fgfmsd daemon in FortiManager and FortiAnalyzer.
A remote, non-authenticated attacker may exploit the vulnerability by sending a specially crafted request to the fgfm port of a vulnerable device. Successful exploitation of the security hole could result in the attacker executing code with root privileges.
FGFM, Fortinet explains, is disabled by default on FortiAnalyzer. Users, however, can enable it on specific hardware models, including 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E.
Customers are advised to update to FortiManager and FortiAnalyzer versions 5.6.11, 6.0.11, 6.2.8, 6.4.6, and 7.0.1 or later, which include patches for the flaw. As a workaround, administrators can disable the FortiManager features on the FortiAnalyzer unit, Fortinet says.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has advised administrators to review Fortinet’s advisory and apply the patches as necessary.
“Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path,” CISA notes.
In an emailed comment, Fortinet said that it is not aware of the vulnerability being exploited in the wild, but that it is monitoring the situation.
“The security of our customers is our first priority. We have issued a patch and mitigations and we are proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Additionally, we recommend that customers validate their configuration to ensure that no unauthorized changes had been implemented by a malicious third party,” Fortinet told SecurityWeek.
Related: Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
Related: FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities
More from Ionut Arghire
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
Latest News
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Dozens of Malicious Extensions Found in Chrome Web Store
