CVE-2021-32589
Published 2024-12-19
Priority: P270 · critical · CVSS 3.1 base score 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.70% (94.5th percentile)
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
## Affected (29 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 5.2.4 < 5.6.11 | 5.6.11 |
| fortinet | fortianalyzer | 5.2.4 – 5.2.10 | — |
| fortinet | fortianalyzer | 5.4.0 – 5.4.7 | — |
| fortinet | fortianalyzer | 5.6.0 – 5.6.10 | — |
| fortinet | fortianalyzer | >= 6.0.0 < 6.0.11 | 6.0.11 |
| fortinet | fortianalyzer | 6.0.0 – 6.0.10 | — |
| fortinet | fortianalyzer | >= 6.2.0 < 6.2.8 | 6.2.8 |
| fortinet | fortianalyzer | 6.2.0 – 6.2.7 | — |
| fortinet | fortianalyzer | >= 6.4.0 < 6.4.6 | 6.4.6 |
| fortinet | fortianalyzer | 6.4.0 – 6.4.5 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 5.0.0 < 5.6.11 | 5.6.11 |
| fortinet | fortimanager | 5.0.0 – 5.0.12 | — |
| fortinet | fortimanager | 5.2.0 – 5.2.10 | — |
| fortinet | fortimanager | 5.4.0 – 5.4.7 | — |
| fortinet | fortimanager | 5.6.0 – 5.6.10 | — |
| fortinet | fortimanager | >= 6.0.0 < 6.0.11 | 6.0.11 |
| fortinet | fortimanager | 6.0.0 – 6.0.10 | — |
| fortinet | fortimanager | >= 6.2.0 < 6.2.8 | 6.2.8 |
| fortinet | fortimanager | 6.2.0 – 6.2.7 | — |
| fortinet | fortimanager | >= 6.4.0 < 6.4.6 | 6.4.6 |
## Detection & IOCs (extracted from sources)
Recommended actions:
- Detect exploitation attempts by monitoring for crafted requests to the fgfm port targeting the fgfmsd daemon on FortiManager/FortiAnalyzer devices.
- Deploy FortiGate IPS with definitions version 18.100 or later and enable signature FG-VD-50483 in block mode as a network-level detection and prevention control.
- Validate device configuration for unauthorized changes that may indicate prior exploitation by a malicious third party.
Notes:
- The vulnerability is exploitable by remote, unauthenticated attackers, meaning no credentials are required to trigger the fgfmsd Use-After-Free condition.
- FortiAnalyzer is only affected in edge cases, unlike FortiManager, which is broadly affected.
- The IPS signature block (FG-VD-50483) is a temporary mitigation only and should not replace patching.
## Sources
Fortinet advisory FG-IR-21-067 (vendor_fortinet · 2024-12-19 · CVSS 8.1 · HIGH · CWE-416); the advisory text matches the CVE description above.
CVEs: CVE-2021-32589
CWEs: C
GitHub advisory GHSA-5mvx-j4j8-xv4p (ghsa_unreviewed · 2024-12-19 · HIGH · CWE-416)
A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized code or commands via
No detection rules found.
No public exploits indexed.
Check Point: 26th July – Threat Intelligence Report (blogs_checkpoint · 2021-07-26 · tagged CVE-2019-11510 [CRITICAL] · CVSS 10.0)
For the latest discoveries in cyber research for the week of 26th July, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US officials have reported that Chinese state-sponsored threat actors successfully breached 13 US oil and natural gas pipeline companies between 2011 and 2013. The hackers gained initial access using a spear-phishing campaign, and their main goal was to gain strategic access and disrupt US pipeline operations.
The French Natio
Fortinet PSIRT blog: Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589 (blogs_fortinet · 2021-07-20 · HIGH · CVSS 8.1)
By Carl Windsor | July 20, 2021
On July 19, Fortinet published a security advisory documenting and sharing patches and workarounds for a Use-After-Free (UAF) vulnerability (CWE-416) in FortiManager, and in some edge cases, FortiAnalyzer. If not updated using the patch and mitigations provided by Fortinet, this vulnerability may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the targeted device.
We urgently reiterate our strong recommendation for any customers who have not yet updated their devices that they take immediate action to mitigate this risk. This includes up