CVE-2021-32589

Vulnerability Summary

Fortinet FortiManager and Fortinet FortiAnalyzer: use-after-free vulnerability in the fgfmsd daemon. A use-after-free (CWE-416) vulnerability in the fgfmsd daemon of FortiManager and FortiAnalyzer may allow a remote, non-authenticated attacker to execute unauthorized code as root by sending a specifically crafted request to the fgfm port of the targeted device. Note that FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models: 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.