Vulnerability Summary

A use-after-free (CWE-416) vulnerability in the fgfmsd daemon of Fortinet FortiManager and Fortinet FortiAnalyzer may allow a remote, unauthenticated attacker to execute unauthorized code as root by sending a specifically crafted request to the FGFM port of the targeted device. Note that FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models: 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.

Recent Articles

Fortinet fixes bug letting unauthenticated hackers run code as root
BleepingComputer • Ionut Ilascu • 20 Jul 2021

Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.
Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, in the cloud, or hosted by Fortinet.
Organizations can use the products to manage d...