September 27, 2023

Fortiguard released a security update for Forti Manager and Forti Analyzer to address an issue that provides a direct access to the root user which could lead to remote code of execution .

A Use After Free (CWE-416) vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.

Products under Threat

  • FortiManager versions 5.6.10 and below.
  • FortiManager versions 6.0.10 and below.
  • FortiManager versions 6.2.7 and below.
  • FortiManager versions 6.4.5 and below.
  • FortiManager version 7.0.0.
  • FortiManager versions 5.4.x.
  • FortiAnalyzer versions 5.6.10 and below.
  • FortiAnalyzer versions 6.0.10 and below.
  • FortiAnalyzer versions 6.2.7 and below.
  • FortiAnalyzer versions 6.4.5 and below.
  • FortiAnalyzer version 7.0.0.

Work Around

Though FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models:
1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E. 

Disable FortiManager features on the FortiAnalyzer unit using the command below:
config system global
set fmg-status disable
end

Solution

To mitigate the issue permanently , Upgrade the existing version as described above to a higher version where this issue is sorted out for both FortiManager & FortiAnalyzer.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: