Fortinet fixes bug letting unauthenticated hackers run code as root


CVE-2021-32589 bug in FortiManager and FortiAnalyzer enables remote code execution without authentication

Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a critical vulnerability that could be exploited to execute arbitrary code with the highest privileges.

Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, in the cloud, or hosted by Fortinet.

Organizations can use the products to manage, deploy and configure devices on the network, as well as to collect and analyze the logs those devices generate in order to identify and eliminate threats.

Patch and workaround available

Fortinet has published a security advisory for the issue, which is tracked as CVE-2021-32589, describing it as a use-after-free (UAF) vulnerability in the fgfmsd daemon of FortiManager and FortiAnalyzer.

This type of bug occurs when a program frees a piece of memory and then keeps using it through a stale pointer. At best the result is a crash; if an attacker can control what is placed in the freed memory before the stale pointer is used again, the bug can be turned into code execution.

In this case, Fortinet says that sending a specially crafted request to the "FGFM" port of a target system (TCP port 541 by default) "may allow a remote, non-authenticated attacker to execute unauthorized code as root."
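To make the mechanism behind that sentence concrete, here is an added illustration written for this page of how a use-after-free in a request-handling daemon turns into attacker control of a function pointer. It is not Fortinet's code and is not derived from fgfmsd or from any exploit for CVE-2021-32589; the allocator, the struct session object, the hypothetical names (toy_alloc, demo_vulnerable, demo_fixed) and the attacker message are all constructed for the demonstration. The toy heap recycles the most recently freed chunk exactly the way real allocators tend to, so the attacker's next message lands on top of the freed session object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heap: a fixed arena plus a one-entry free list that hands the most
 * recently freed chunk to the next caller whose request fits. Real heaps
 * (glibc's tcache, for instance) recycle chunks in much the same way; the
 * toy keeps the reuse deterministic so the demonstration runs identically
 * everywhere and never touches genuinely freed memory. */
#define ARENA_SIZE 4096
static union { uint64_t align; unsigned char bytes[ARENA_SIZE]; } arena;
static size_t arena_top;
static unsigned char *free_chunk;
static size_t free_chunk_size;

static void arena_reset(void) {
    memset(arena.bytes, 0, sizeof arena.bytes);
    arena_top = 0;
    free_chunk = NULL;
    free_chunk_size = 0;
}

static void *toy_alloc(size_t n) {
    if (free_chunk != NULL && n <= free_chunk_size) {
        void *p = free_chunk;          /* recycle the freed chunk first */
        free_chunk = NULL;
        return p;
    }
    n = (n + 15) & ~(size_t)15;        /* keep chunks 16-byte aligned */
    if (arena_top + n > ARENA_SIZE) return NULL;
    void *p = arena.bytes + arena_top;
    arena_top += n;
    return p;
}

static void toy_free(void *p, size_t n) {
    free_chunk = p;                    /* contents are left in place */
    free_chunk_size = n;
}

/* Hypothetical per-client object of a management daemon: a handler the
 * daemon calls when the client's next message arrives. */
typedef int (*handler_fn)(const unsigned char *msg, size_t len);

struct session {
    uint32_t   id;
    handler_fn on_message;
};

static int default_handler(const unsigned char *msg, size_t len) {
    (void)msg;
    return (int)len;
}

/* Constructed attacker message: sizeof(struct session) bytes of 0x41, so
 * once it lands in the recycled chunk every field, including the function
 * pointer, reads back as 0x41 repeated across the pointer width. */
static uintptr_t attacker_pattern(void) {
    uintptr_t v;
    memset(&v, 0x41, sizeof v);
    return v;
}

/* Vulnerable flow: the session is released (say, after a malformed first
 * message) but the daemon keeps `s` and dispatches through it afterwards.
 * The attacker's next message is allocated into the same chunk, so its
 * bytes now occupy on_message. The stale pointer value is returned rather
 * than called, so the demo never jumps to 0x4141...41. */
static uintptr_t demo_vulnerable(void) {
    arena_reset();
    struct session *s = toy_alloc(sizeof *s);
    s->id = 1;
    s->on_message = default_handler;

    toy_free(s, sizeof *s);            /* session torn down ... */

    unsigned char msg[sizeof *s];
    memset(msg, 0x41, sizeof msg);
    unsigned char *buf = toy_alloc(sizeof msg);   /* recycled chunk == s */
    memcpy(buf, msg, sizeof msg);

    return (uintptr_t)s->on_message;   /* ... yet still used: attacker-controlled */
}

/* Hardened flow: the reference is dropped at teardown and every later
 * dispatch checks it, so the recycled chunk can never be reached through
 * the old session object. */
static uintptr_t demo_fixed(void) {
    arena_reset();
    struct session *s = toy_alloc(sizeof *s);
    s->id = 1;
    s->on_message = default_handler;

    toy_free(s, sizeof *s);
    s = NULL;                          /* no dangling reference survives */

    unsigned char msg[sizeof(struct session)];
    memset(msg, 0x41, sizeof msg);
    unsigned char *buf = toy_alloc(sizeof msg);
    memcpy(buf, msg, sizeof msg);

    if (s == NULL) return 0;           /* dispatch refused */
    return (uintptr_t)s->on_message;
}

int main(void) {
    printf("vulnerable: on_message = 0x%llx (attacker pattern 0x%llx)\n",
           (unsigned long long)demo_vulnerable(),
           (unsigned long long)attacker_pattern());
    printf("fixed:      dispatch refused, value = %llu\n",
           (unsigned long long)demo_fixed());
    return 0;
}
```

The point of the comparison is that the freed object's bytes are still readable and the next allocation of the same size overwrites them, so the attacker decides what the stale on_message pointer contains. Nulling the reference at teardown (and, in real code, never holding a pointer past the object's lifetime) is what removes the path; an allocator that poisons freed chunks would only turn the same bug back into a crash.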

The company highlights that FGFM is disabled by default on FortiAnalyzer and can be turned on only on some hardware models: 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.

The products affected by CVE-2021-32589 are the following:

FortiManager: all 5.4.x releases, 5.6.10 and below, 6.0.10 and below, 6.2.7 and below, 6.4.5 and below, and 7.0.0
FortiAnalyzer: 5.6.10 and below, 6.0.10 and below, 6.2.7 and below, 6.4.5 and below, and 7.0.0
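To turn the table above into a check that can be run against the version string a unit reports, the function below (an added example written for this page, not Fortinet tooling; is_listed_affected, parse_version and the row arrays are names chosen here) compares a major.minor.patch string against each listed branch using the table's "and below" semantics, and treats the 5.4.x entry as every release of that branch. A result of 0 means the version is not in the table, which is not the same as Fortinet stating that it is unaffected.

```c
#include <stdio.h>
#include <string.h>

/* One row of the advisory table as reproduced on this page: a branch
 * (major.minor) and the highest affected patch level in that branch.
 * ANY_PATCH marks "every release of this branch" (the 5.4.x row). */
#define ANY_PATCH -1

struct affected_branch { int major, minor, max_patch; };

static const struct affected_branch fortimanager_rows[] = {
    {5, 4, ANY_PATCH}, {5, 6, 10}, {6, 0, 10}, {6, 2, 7}, {6, 4, 5}, {7, 0, 0},
};
static const struct affected_branch fortianalyzer_rows[] = {
    {5, 6, 10}, {6, 0, 10}, {6, 2, 7}, {6, 4, 5}, {7, 0, 0},
};

/* Parse "major.minor.patch" strictly; returns 0 on anything else
 * (missing component, trailing text, negative numbers). */
static int parse_version(const char *s, int *maj, int *min, int *pat) {
    char tail;
    if (sscanf(s, "%d.%d.%d%c", maj, min, pat, &tail) != 3) return 0;
    return *maj >= 0 && *min >= 0 && *pat >= 0;
}

/* Returns 1 if the version falls inside a row of the page's table for the
 * named product, 0 if it does not or the input is malformed. 0 means
 * "not listed", not "confirmed safe". */
static int is_listed_affected(const char *product, const char *version) {
    const struct affected_branch *rows;
    size_t n;
    if (strcmp(product, "FortiManager") == 0) {
        rows = fortimanager_rows;
        n = sizeof fortimanager_rows / sizeof fortimanager_rows[0];
    } else if (strcmp(product, "FortiAnalyzer") == 0) {
        rows = fortianalyzer_rows;
        n = sizeof fortianalyzer_rows / sizeof fortianalyzer_rows[0];
    } else {
        return 0;
    }

    int maj, min, pat;
    if (!parse_version(version, &maj, &min, &pat)) return 0;

    for (size_t i = 0; i < n; i++) {
        if (rows[i].major != maj || rows[i].minor != min) continue;
        return rows[i].max_patch == ANY_PATCH || pat <= rows[i].max_patch;
    }
    return 0;   /* branch not in the table */
}

int main(void) {
    /* Constructed sample inputs, one on each side of a boundary. */
    const char *checks[][2] = {
        {"FortiManager", "6.4.5"}, {"FortiManager", "6.4.6"},
        {"FortiManager", "5.4.3"}, {"FortiAnalyzer", "7.0.0"},
        {"FortiAnalyzer", "7.0.1"}, {"FortiAnalyzer", "5.4.3"},
    };
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++)
        printf("%-14s %-7s %s\n", checks[i][0], checks[i][1],
               is_listed_affected(checks[i][0], checks[i][1])
                   ? "listed as affected" : "not listed");
    return 0;
}
```

The strict parser matters more than it looks: a version string with a build suffix or a leading "v" is rejected rather than silently compared, so a scripted fleet check fails loudly instead of reporting a unit as "not listed".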

If updating is not possible, one workaround is to disable FortiManager features on the FortiAnalyzer unit using the following CLI commands:

config system global
    set fmg-status disable
end

This workaround covers FortiAnalyzer only, where the advisory says FGFM is already disabled by default; the page gives no equivalent workaround for FortiManager, so those units need the update.

Credited with finding and responsibly reporting the vulnerability to Fortinet is Cyrille Chatras, a reverse engineer and pentester from Orange Group who previously discovered and reported bugs in products from Nokia, Juniper, Red Hat, and in open-source Android [1, 2, 3, 4].

CISA has also published an advisory encouraging users and administrators to review the vulnerability information from Fortinet and apply the updates.
