CVE-2021-32589
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
Summary
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiManager | 7.0.0 | affected |
| Fortinet | FortiManager | 6.4.0 <= 6.4.5 | affected |
| Fortinet | FortiManager | 6.2.0 <= 6.2.7 | affected |
| Fortinet | FortiManager | 6.0.0 <= 6.0.10 | affected |
| Fortinet | FortiManager | 5.6.0 <= 5.6.10 | affected |
| Fortinet | FortiManager | 5.4.0 <= 5.4.7 | affected |
| Fortinet | FortiManager | 5.2.0 <= 5.2.10 | affected |
| Fortinet | FortiManager | 5.0.0 <= 5.0.12 | affected |
| Fortinet | FortiAnalyzer | 7.0.0 | affected |
| Fortinet | FortiAnalyzer | 6.4.0 <= 6.4.5 | affected |
| Fortinet | FortiAnalyzer | 6.2.0 <= 6.2.7 | affected |
| Fortinet | FortiAnalyzer | 6.0.0 <= 6.0.10 | affected |
| Fortinet | FortiAnalyzer | 5.6.0 <= 5.6.10 | affected |
| Fortinet | FortiAnalyzer | 5.4.0 <= 5.4.7 | affected |
| Fortinet | FortiAnalyzer | 5.3.11 | affected |
| Fortinet | FortiAnalyzer | 5.2.4 <= 5.2.10 | affected |
Weaknesses
- CWE-416: Execute unauthorized code or commands
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.