Fortinet fixes bug that lets unauthenticated hackers run code as root
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, in the cloud, or hosted by Fortinet.
A use-after-free bug occurs when a section of memory is erroneously marked as free and a program then tries to use it, resulting in a crash.
Organizations can use the products to manage, deploy, and configure devices on the network, as well as to collect and analyze the generated logs to identify and eliminate threats.
Fortinet has published a security advisory for the issue, which is currently tracked as CVE-2021-32589, saying that it is a use-after-free (UAF) vulnerability in the fgfmsd daemon of FortiManager and FortiAnalyzer. Fortinet says that sending a specially crafted request to the “FGFM” port of a target device “may allow a remote, non-authenticated attacker to execute unauthorized code as root.”
The company highlights that FGFM is disabled by default on FortiAnalyzer and can be turned on only on some hardware models: 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.
CISA has also published an advisory encouraging users and administrators to review the vulnerability information from Fortinet and apply the updates.