The Cloud Consultancy Europe Ltd.

A vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer could be exploited by remote, non-authenticated attackers to execute unauthorised / malicious code as root, Fortinet has warned.

The vulnerability affects the solutions’ fgfmsd daemon, and could be triggered by sending a specially crafted request to the fgfm port of a vulnerable device.

Fortinet has provided security updates to fix the flaw, as well as workarounds if updating is impossible.

About FortiManager and FortiAnalyzer

FortiManager is an operations tool that provides organizations with centralized management of their Fortinet devices and is used to – among other things – “control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for thousands of FortiOS-enabled devices.”

FortiAnalyzer is a security analysis tool that allows NOC and SOC analysts insight into security threats and required mitigation / remediation actions.

About CVE-2021-32589

Discovered by Cyrille Chatras of Orange Group, CVE-2021-32589 is a use-after-free vulnerability that could lead to a program crash.

No additional details have been shared by the company at this time. Despite potentially allowing remote code execution, the vulnerability has received an overall CVSS score of 7.7, partly because the complexity of attacks aimed at exploiting it is deemed to be high.

There is no indication this flaw is being actively exploited in the wild. Still, attackers have been known to exploit flaws in various Fortinet solutions in the past.

Enterprise admins are therefore advised to peruse the security advisory and check whether they need to update any devices.

As Fortinet notes, FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models. A simple workaround (for FortiAnalyzer units) pointed out by the company consists of disabling FortiManager features.

Source: HelpNetSecurity
