Main Vulnerability Database Vulnerabilities #VU54975

#VU54975 Use-after-free in FortiManager and FortiAnalyzer - CVE-2021-32589

Published: July 19, 2021

Vulnerability identifier: #VU54975

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-32589

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiManager
FortiAnalyzer

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the fgfmsd daemon. A remote non-authenticated attacker can send a specially crafted request to port 541/tcp (IPv4) or 542/tcp (IPv6), trigger a use-after-free error and execute arbitrary code on the system with root privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-21-067

#VU54975 Use-after-free in FortiManager and FortiAnalyzer - CVE-2021-32589

Description

Remediation

External links

Please verify you're human