HIGH🇬🇧 English

CVE-2021-32589

CVSS 8.1v3.1pub. 2024-12-19upd. 2025-01-31

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortianalyzer

    APP
    Fortinet
    7.0.05.2.4 – 5.6.11 (bez)6.2.0 – 6.2.8 (bez)6.4.0 – 6.4.6 (bez)6.0.0 – 6.0.11 (bez)
  • Fortinet Fortimanager

    APP
    Fortinet
    7.0.06.0.0 – 6.0.11 (bez)5.0.0 – 5.6.11 (bez)6.2.0 – 6.2.8 (bez)6.4.0 – 6.4.6 (bez)
  • Fortinet Fortiportal

    APP
    Fortinet
    4.0.0 – 5.3.7 (bez)6.0.0 – 6.0.6 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2024-47575CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Brak uwierzytelnienia krytycznej funkcji w Fortinet FortiManager — RCE

CVE-2023-25610CRITICAL9.8PL ✓ten sam produkt

Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia

CVE-2024-48886CRITICAL9.0PL ✓ten sam produkt

Słabe uwierzytelnienie w Fortinet FortiOS/FortiProxy/FortiManager umożliwia RCE

CVE-2021-32588CRITICAL9.8ten sam produkt

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and bel...

CVE-2021-32589 — HIGH 8.1 | CVEbaza.pl