CVE-2021-32589: Use After Free in Fortinet FortiAnalyzer

CWE-416 (Use After Free) | 5 documents | 5 sources

Severity
NVD: 9.8 CRITICAL
CNA: 8.1
EPSS: 6.5% (top 8.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 19

Description

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticate

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

Source      Package                 From    To       More
NVD         fortinet/fortiportal    4.0.0   5.3.7    +1
NVD         fortinet/fortimanager   5.0.0   5.6.11   +4
NVD         fortinet/fortianalyzer  5.2.4   5.6.11   +4
CVEListV5   fortinet/fortimanager   6.4.0   6.4.5    +7
CVEListV5   fortinet/fortianalyzer  6.4.0   6.4.5    +7

🔴 Vulnerability Details (2)

CVEList: CVE-2021-32589: A Use After Free (CWE-416) vulnerability in FortiManager version 7... (2024-12-19)
GHSA: GHSA-5mvx-j4j8-xv4p: A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized code or commands via... (2024-12-19)

📋 Vendor Advisories (1)

Fortinet: A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below... (2024-12-19)

🕵️ Threat Intelligence (1)

Fortinet: Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589 (2021-07-20)
CVE-2021-32589 — Use After Free in Fortinet | cvebase