A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortianalyzer
APPFortinet7.0.05.2.4 – 5.6.11 (bez)6.2.0 – 6.2.8 (bez)6.4.0 – 6.4.6 (bez)6.0.0 – 6.0.11 (bez)Fortinet Fortimanager
APPFortinet7.0.06.0.0 – 6.0.11 (bez)5.0.0 – 5.6.11 (bez)6.2.0 – 6.2.8 (bez)6.4.0 – 6.4.6 (bez)Fortinet Fortiportal
APPFortinet4.0.0 – 5.3.7 (bez)6.0.0 – 6.0.6 (bez)
Powiązane podatności
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Brak uwierzytelnienia krytycznej funkcji w Fortinet FortiManager — RCE
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
Słabe uwierzytelnienie w Fortinet FortiOS/FortiProxy/FortiManager umożliwia RCE
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and bel...