Critical Vulnerability in Fortinet's FortiAnalyzer and FortiManager
21 July 2021
Fortinet has released security updates to address a critical Use-After-Free (UAF) vulnerability (CVE-2021-32589) in their FortiAnalyzer and FortiManager products. This vulnerability may allow a remote, unauthenticated attacker to execute unauthorised code as root by sending a specially crafted request to the FortiGate-to-FortiManager (FGFM) port of the targeted device.
This vulnerability affects FortiAnalyzer models 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F and 3900E when the FGFM port (which is disabled by default) is enabled to support FortiManager functions.
The following FortiAnalyzer product versions are affected by this vulnerability:
- versions 5.6.10 and below;
- versions 6.0.10 and below;
- versions 6.2.7 and below;
- versions 6.4.5 and below; and
- version 7.0.0.
The following FortiManager product versions are affected by this vulnerability:
- versions 5.6.10 and below;
- versions 6.0.10 and below;
- versions 6.2.7 and below;
- versions 6.4.5 and below;
- version 7.0.0; and
- versions 5.4.x.
Administrators and users of the affected product versions are advised to upgrade to the latest versions immediately.
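To turn the affected-version lists above into an inventory check, the following script (an added example written for this page, not code from Fortinet or from the advisory) encodes each listed branch and its highest affected patch level, and for FortiAnalyzer also applies the two conditions the advisory states: the appliance must be one of the named models and the FGFM port must be enabled. The inventory records, hostnames and the `fgfm_enabled` field are constructed for the example; a version on a branch the advisory does not name is reported as not matching any listed range rather than as confirmed safe.

```python
"""Check FortiAnalyzer / FortiManager firmware versions against the affected
ranges listed in the advisory for CVE-2021-32589 (added example)."""
import re
from typing import List, Optional, Tuple

# Affected ranges as listed in the advisory, keyed by product.
# Each entry is ((major, minor) branch, highest affected patch level);
# a patch level of None means the whole branch ("versions 5.4.x").
AFFECTED_RANGES = {
    "FortiAnalyzer": [
        ((5, 6), 10), ((6, 0), 10), ((6, 2), 7), ((6, 4), 5), ((7, 0), 0),
    ],
    "FortiManager": [
        ((5, 6), 10), ((6, 0), 10), ((6, 2), 7), ((6, 4), 5), ((7, 0), 0),
        ((5, 4), None),
    ],
}

# FortiAnalyzer models named in the advisory.
FORTIANALYZER_MODELS = {
    "1000D", "1000E", "2000E", "3000D", "3000E",
    "3000F", "3500E", "3500F", "3700F", "3900E",
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a firmware version such as '6.4.5' or 'v7.0.0' into a tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def version_in_affected_range(product: str, version: str) -> bool:
    """True if the version falls inside one of the advisory's listed ranges."""
    major, minor, patch = parse_version(version)
    for (b_major, b_minor), max_patch in AFFECTED_RANGES[product]:
        if (major, minor) == (b_major, b_minor):
            return max_patch is None or patch <= max_patch
    # Branch not named in the advisory: no listed range matches.
    return False


def is_affected(product: str, version: str,
                model: Optional[str] = None,
                fgfm_enabled: bool = True) -> bool:
    """Apply the advisory's conditions for one appliance.

    For FortiAnalyzer the advisory limits exposure to the named models and
    only when the FGFM port (disabled by default) has been enabled.
    """
    if product not in AFFECTED_RANGES:
        raise ValueError(f"unknown product: {product!r}")
    if product == "FortiAnalyzer":
        if model is None:
            raise ValueError("model is required for FortiAnalyzer checks")
        if model.upper() not in FORTIANALYZER_MODELS or not fgfm_enabled:
            return False
    return version_in_affected_range(product, version)


# Constructed inventory records for the example (hostnames and states are
# invented): (hostname, product, version, model, fgfm_enabled).
INVENTORY = [
    ("fmg-01", "FortiManager", "6.4.5", None, True),
    ("fmg-02", "FortiManager", "6.4.6", None, True),
    ("fmg-03", "FortiManager", "5.4.12", None, True),
    ("fmg-04", "FortiManager", "7.0.1", None, True),
    ("faz-01", "FortiAnalyzer", "6.2.7", "3000F", True),
    ("faz-02", "FortiAnalyzer", "6.2.7", "3000F", False),
    ("faz-03", "FortiAnalyzer", "7.0.0", "3500E", True),
]


def find_affected(inventory=INVENTORY) -> List[str]:
    """Return the sorted hostnames whose records match the advisory."""
    hits = [
        host for host, product, version, model, fgfm in inventory
        if is_affected(product, version, model=model, fgfm_enabled=fgfm)
    ]
    return sorted(hits)


if __name__ == "__main__":
    for host in find_affected():
        print(f"{host}: matches an affected range for CVE-2021-32589, upgrade")
```

Feeding the script real inventory data (for example an export from a CMDB) is a matter of replacing `INVENTORY`; the FGFM flag for FortiAnalyzer should come from the appliance's actual configuration, since the advisory scopes exposure to appliances where that port has been turned on.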
More information is available here: