CVE-2021-32589

CVE Database · CVE-2021-32589

CVE-2021-32589

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

8.70%

Published

Dec 19, 2024

Modified

Jan 31, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416

Affected Products (12)

fortinet · fortianalyzer (up to 5.6.11)vulnerable

fortinet · fortianalyzer (up to 6.0.11)vulnerable

fortinet · fortianalyzer (up to 6.2.8)vulnerable

fortinet · fortianalyzer (up to 6.4.6)vulnerable

fortinet · fortianalyzervulnerable

fortinet · fortimanager (up to 5.6.11)vulnerable

fortinet · fortimanager (up to 6.0.11)vulnerable

fortinet · fortimanager (up to 6.2.8)vulnerable

fortinet · fortimanager

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-21-067

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs