PT-2021-6277 · Fortinet · FortiManager, FortiAnalyzer

Published 2021-07-19 · Updated 2025-01-31 · CVE-2021-32589

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiManager versions prior to 7.0.1; FortiAnalyzer versions prior to 7.0.1
Description: A use-after-free vulnerability in the fgfmsd daemon (the FortiGate-to-FortiManager protocol service, which listens on the fgfm port, TCP/541) may allow a remote, unauthenticated attacker to execute arbitrary code as root by sending a specifically crafted request to the fgfm port of the targeted device. The underlying flaw is a use of memory after it has been freed (CWE-416).
Recommendations: Upgrade FortiManager to version 7.0.1 or later, and FortiAnalyzer to version 7.0.1 or later. Until the upgrade is applied, restrict access to the fgfm port (TCP/541) so that only the managed FortiGate devices and trusted management networks can reach it; because no authentication is required to trigger the bug, an fgfm listener reachable from untrusted networks should be treated as the highest-priority exposure.
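The following is an added triage helper, not part of this advisory or of any Fortinet tooling, that applies the two recommendations above to a device inventory: it parses the version strings these appliances report, flags FortiManager and FortiAnalyzer builds below 7.0.1, and prioritises devices whose fgfm listener (TCP/541) is reachable from networks other than the managed devices' own. The sample inventory, its hostnames and its `fgfm_exposed` field (assumed to come from a perimeter scan or firewall review) are constructed for illustration; the build numbers in the version strings are illustrative, not real releases.

```python
import re
from typing import Dict, List, Tuple

# Fixed release named in the advisory for both products.
FIXED_VERSION = (7, 0, 1)
AFFECTED_PRODUCTS = {"FortiManager", "FortiAnalyzer"}
FGFM_PORT = 541  # fgfmsd listens on TCP/541

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Pull major.minor.patch out of a version string.

    Accepts a bare '7.0.1' as well as the longer form the appliance CLI
    prints, e.g. 'v6.4.6-build2288 210520 (GA)'; the build number is
    ignored because the advisory names only the release.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if this product/version is in scope for CVE-2021-32589.

    Tuple comparison orders each component numerically, so 6.4.10 sorts
    below 7.0.1 (a plain string comparison would get this wrong).
    """
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < FIXED_VERSION


def triage(inventory: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return one finding per affected device, most urgent first.

    Each inventory entry carries 'host', 'product', 'version' and an
    assumed 'fgfm_exposed' flag: whether TCP/541 is reachable from
    anything other than the managed devices and management networks.
    """
    findings = []
    for dev in inventory:
        if not is_affected(str(dev["product"]), str(dev["version"])):
            continue
        exposed = bool(dev.get("fgfm_exposed", False))
        actions = ["upgrade to 7.0.1 or later"]
        if exposed:
            # Unauthenticated RCE as root: cut the exposure before the upgrade window.
            actions.insert(0, f"restrict TCP/{FGFM_PORT} to managed-device and management addresses now")
        findings.append({
            "host": dev["host"],
            "product": dev["product"],
            "version": ".".join(map(str, parse_version(str(dev["version"])))),
            "priority": "P1" if exposed else "P2",
            "actions": actions,
        })
    findings.sort(key=lambda f: (f["priority"], str(f["host"])))
    return findings


# Constructed sample inventory (not real hosts or builds).
SAMPLE_INVENTORY = [
    {"host": "fmg-dc1", "product": "FortiManager", "version": "v6.4.6-build2288 210520 (GA)", "fgfm_exposed": True},
    {"host": "faz-dc1", "product": "FortiAnalyzer", "version": "7.0.0", "fgfm_exposed": False},
    {"host": "fmg-lab", "product": "FortiManager", "version": "v7.0.1-build0157 210707 (GA)", "fgfm_exposed": True},
    {"host": "fgt-edge", "product": "FortiGate", "version": "6.4.6", "fgfm_exposed": True},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['priority']} {f['host']} {f['product']} {f['version']}: " + "; ".join(f["actions"]))
```

On the sample data the FortiManager at 6.4.6 with an exposed fgfm listener comes out as P1 with the port restriction listed ahead of the upgrade, the FortiAnalyzer at 7.0.0 as P2 with upgrade only, and the 7.0.1 device and the FortiGate are skipped because they are outside the advisory's scope.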

Weakness Enumeration

Use After Free (CWE-416)

Related Identifiers

BDU:2022-01229
CVE-2021-32589

Affected Products

FortiAnalyzer
FortiManager