CVE-2021-32589: FortiManager & FortiAnalyzer UAF Vulnerability
There is a UAF (Use-After-Free) vulnerability in the fgfmsd daemon of FortiManager and FortiAnalyzer. A remote, unauthenticated attacker can execute unauthorized code as the root user by sending a specially designed request to the fgfm port of the target device.
FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models:
1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.
FortiManager versions 5.6.10 and below.
FortiManager versions 6.0.10 and below.
FortiManager versions 6.2.7 and below.
FortiManager versions 6.4.5 and below.
FortiManager version 7.0.0.
FortiManager versions 5.4.x.
FortiAnalyzer versions 5.6.10 and below.
FortiAnalyzer versions 6.0.10 and below.
FortiAnalyzer versions 6.2.7 and below.
FortiAnalyzer versions 6.4.5 and below.
FortiAnalyzer version 7.0.0.
Disable FortiManager features on the FortiAnalyzer unit using the command below:
config system global
set fmg-status disable <— Disabled by default.