Critical Vulnerability in Fortinet's FortiAnalyzer and FortiManager

Published on 21 Jul 2021

Updated on 21 Jul 2021

Fortinet has released security updates to address a critical Use-After-Free (UAF) vulnerability (CVE-2021-32589) in their FortiAnalyzer and FortiManager products. This vulnerability may allow a remote, unauthenticated attacker to execute unauthorised code as root by sending a specially crafted request to the FortiGate-to-FortiManager (FGFM) port of the targeted device.

This vulnerability affects FortiAnalyzer models 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F and 3900E when the FGFM port (which is disabled by default) is enabled to support FortiManager functions.

The following FortiAnalyzer product versions are affected by this vulnerability:

  • versions 5.6.10 and below;
  • versions 6.0.10 and below;
  • versions 6.2.7 and below;
  • versions 6.4.5 and below; and
  • version 7.0.0

The following FortiManager product versions are affected by this vulnerability:

  • versions 5.6.10 and below;
  • versions 6.0.10 and below;
  • versions 6.2.7 and below;
  • versions 6.4.5 and below;
  • version 7.0.0; and
  • versions 5.4.x

Administrators and users of the affected product versions are advised to upgrade to the latest versions immediately.
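To turn the version lists above into something that can be run against an asset inventory, here is an added triage helper (example code written for this page, not Fortinet's or CISA's tooling). It encodes the affected ranges and the FortiAnalyzer model/FGFM condition exactly as the advisory states them; the only assumption beyond the page is that "x.y.z and below" refers to builds within the x.y branch (the advisory lists 5.4.x separately for FortiManager, which supports that reading). Hostnames, models and versions in the sample inventory are constructed.

```python
"""Triage helper for CVE-2021-32589: flags FortiAnalyzer / FortiManager
builds whose version falls in the ranges listed in the advisory."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected version ranges as listed in the advisory, keyed by product.
# Each entry is (major, minor, highest affected patch); None = whole branch.
# Assumption (not stated on the page): "x.y.z and below" means builds within
# the x.y branch, since 5.4.x is listed as a separate branch for FortiManager.
AFFECTED_BRANCHES = {
    "FortiAnalyzer": [(5, 6, 10), (6, 0, 10), (6, 2, 7), (6, 4, 5), (7, 0, 0)],
    "FortiManager": [(5, 4, None), (5, 6, 10), (6, 0, 10), (6, 2, 7), (6, 4, 5), (7, 0, 0)],
}

# FortiAnalyzer models named in the advisory; the vulnerability applies to
# them only when the FGFM port (disabled by default) has been enabled.
AFFECTED_FAZ_MODELS = {"1000D", "1000E", "2000E", "3000D", "3000E", "3000F",
                       "3500E", "3500F", "3700F", "3900E"}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' (optional leading 'v'); a missing patch is 0."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def version_affected(product: str, version: str) -> bool:
    """True if the build is inside one of the advisory's affected ranges."""
    major, minor, patch = parse_version(version)
    for b_major, b_minor, max_patch in AFFECTED_BRANCHES[product]:
        if (major, minor) == (b_major, b_minor) and (max_patch is None or patch <= max_patch):
            return True
    return False


def assess(product: str, version: str, model: Optional[str] = None,
           fgfm_enabled: Optional[bool] = None) -> str:
    """Classify one device.

    Verdicts: 'not_affected' (version outside the listed ranges), 'upgrade',
    'model_not_listed', 'fgfm_disabled' (affected build, but the FGFM port is
    off so the advisory's condition is not met), 'check_fgfm' (affected build,
    FGFM state unknown: verify the setting before closing the ticket).
    """
    if not version_affected(product, version):
        return "not_affected"
    if product == "FortiManager":
        return "upgrade"
    # FortiAnalyzer: only the listed models with FGFM enabled are in scope.
    if model is not None and model not in AFFECTED_FAZ_MODELS:
        return "model_not_listed"
    if fgfm_enabled is True:
        return "upgrade"
    if fgfm_enabled is False:
        return "fgfm_disabled"
    return "check_fgfm"


def triage(inventory: List[dict]) -> List[Tuple[str, str]]:
    """Run assess() over an inventory of dicts; returns (host, verdict) pairs."""
    return [(d["host"], assess(d["product"], d["version"], d.get("model"), d.get("fgfm_enabled")))
            for d in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames, models and versions are illustrative only.
    sample = [
        {"host": "fmg-01", "product": "FortiManager", "version": "6.4.5"},
        {"host": "fmg-02", "product": "FortiManager", "version": "5.4.7"},
        {"host": "faz-01", "product": "FortiAnalyzer", "version": "6.2.7", "model": "3000F", "fgfm_enabled": True},
        {"host": "faz-02", "product": "FortiAnalyzer", "version": "7.0.0", "model": "3000F", "fgfm_enabled": False},
        {"host": "faz-03", "product": "FortiAnalyzer", "version": "6.0.10", "model": "1000E"},
        {"host": "faz-04", "product": "FortiAnalyzer", "version": "6.4.6", "model": "3900E", "fgfm_enabled": True},
    ]
    for host, verdict in triage(sample):
        print(f"{host:8} {verdict}")
```

The `fgfm_disabled` and `check_fgfm` verdicts are kept separate from `not_affected` on purpose: a FortiAnalyzer on an affected build is still running vulnerable code, and the FGFM port can be enabled later, so such devices belong on the upgrade list even if the advisory's exposure condition is not met today. The advisory does not list fixed version numbers, so the helper reports "upgrade" rather than naming a target release.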

More information is available here:

https://www.fortiguard.com/psirt/FG-IR-21-067

https://us-cert.cisa.gov/ncas/current-activity/2021/07/19/fortinet-releases-security-updates-fortimanager-and-fortianalyzer