Fortinet stated on Monday that patches for a vulnerability in FortiManager and FortiAnalyzer that might allow an attacker to execute code with root privileges are now available.
FortiManager and FortiAnalyzer are network management solutions that give administrators visibility into, and control over, tens of thousands of network devices at the same time. FortiAnalyzer provides log management, analytics, and reporting capabilities, while FortiManager delivers full administration capabilities.
The newly addressed vulnerability, CVE-2021-32589, is a use-after-free flaw that affects the fgfmsd daemon in FortiManager and FortiAnalyzer.
A remote, unauthenticated attacker might exploit the flaw by sending a specially crafted request to a vulnerable device’s fgfm port. If the security flaw is successfully exploited, the attacker may be able to execute code with root privileges.
On FortiAnalyzer, the affected FortiManager feature can be enabled only on specific hardware models such as the 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E.
Customers should update to versions 5.6.11, 6.0.11, 6.2.8, 6.4.6, and 7.0.1 or later of FortiManager and FortiAnalyzer, which include patches for the security vulnerability. Administrators can disable the FortiManager features on the FortiAnalyzer unit as a workaround, according to Fortinet.
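A practical way to act on the fixed-version list above is to run it over a device inventory and flag every unit still below the patched release of its maintenance branch. The script below is an added example for this article, not Fortinet code: the fixed versions are the ones the article lists, the branch-to-version mapping is the author's own reading of that list, and the inventory rows are constructed sample data. Versions on a branch the article does not name are reported as unknown rather than guessed at.

```python
"""Inventory check against the CVE-2021-32589 fixed versions (added example, not Fortinet code).

Fixed versions as listed in the article: 5.6.11, 6.0.11, 6.2.8, 6.4.6, 7.0.1.
The inventory rows at the bottom are constructed sample data.
"""
from typing import Dict, List, Tuple

# Minimum patched release per maintenance branch (assumption: each listed
# version fixes its own major.minor branch, and later releases on that branch stay fixed).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (5, 6): (5, 6, 11),
    (6, 0): (6, 0, 11),
    (6, 2): (6, 2, 8),
    (6, 4): (6, 4, 6),
    (7, 0): (7, 0, 1),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; a build suffix such as '-build1234' is ignored."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable', or 'unknown-branch' for one device version."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # Branch not covered by the article's list: do not guess, send it to the advisory.
        return "unknown-branch"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each hostname to its status; 'vulnerable' hosts need the update or the workaround."""
    return {host: assess(version) for host, _product, version in inventory}


# Constructed sample inventory: (hostname, product, version)
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("fmg-01", "FortiManager", "6.4.5"),
    ("fmg-02", "FortiManager", "7.0.1"),
    ("faz-01", "FortiAnalyzer", "6.2.8-build1234"),
    ("faz-02", "FortiAnalyzer", "6.3.2"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The "unknown-branch" outcome is deliberate: a version outside the listed branches is neither confirmed fixed nor confirmed affected by this article alone, so the script leaves that decision to a reading of the vendor advisory instead of silently marking it safe.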
According to the US Cybersecurity and Infrastructure Security Agency (CISA), administrators should review Fortinet’s advisory and implement the updates as necessary.