A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-21-067 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Jan 2025, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-21-067 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* |
|
| First Time |
Fortinet fortimanager
Fortinet Fortinet fortiportal Fortinet fortianalyzer |
19 Dec 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-12-19 13:15
Updated : 2025-01-31 17:42
NVD link : CVE-2021-32589
Mitre link : CVE-2021-32589
CVE.ORG link : CVE-2021-32589
JSON object : View
Products Affected
fortinet
- fortimanager
- fortiportal
- fortianalyzer
CWE
CWE-416
Use After Free