CVE-2021-32589
published 2024-12-19


Priority: P270 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.70% (94.5th percentile)
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.

Affected

29 ranges · showing 25

Vendor     Product         Version range          Fixed in
fortinet   fortianalyzer
fortinet   fortianalyzer
fortinet   fortianalyzer
fortinet   fortianalyzer   >= 5.2.4 < 5.6.11      5.6.11
fortinet   fortianalyzer   5.2.4 – 5.2.10
fortinet   fortianalyzer   5.4.0 – 5.4.7
fortinet   fortianalyzer   5.6.0 – 5.6.10
fortinet   fortianalyzer   >= 6.0.0 < 6.0.11      6.0.11
fortinet   fortianalyzer   6.0.0 – 6.0.10
fortinet   fortianalyzer   >= 6.2.0 < 6.2.8       6.2.8
fortinet   fortianalyzer   6.2.0 – 6.2.7
fortinet   fortianalyzer   >= 6.4.0 < 6.4.6       6.4.6
fortinet   fortianalyzer   6.4.0 – 6.4.5
fortinet   fortimanager
fortinet   fortimanager
fortinet   fortimanager    >= 5.0.0 < 5.6.11      5.6.11
fortinet   fortimanager    5.0.0 – 5.0.12
fortinet   fortimanager    5.2.0 – 5.2.10
fortinet   fortimanager    5.4.0 – 5.4.7
fortinet   fortimanager    5.6.0 – 5.6.10
fortinet   fortimanager    >= 6.0.0 < 6.0.11      6.0.11
fortinet   fortimanager    6.0.0 – 6.0.10
fortinet   fortimanager    >= 6.2.0 < 6.2.8       6.2.8
fortinet   fortimanager    6.2.0 – 6.2.7
fortinet   fortimanager    >= 6.4.0 < 6.4.6       6.4.6

Detection & IOCs (extracted from sources)

port: fgfm
process: fgfmsd
other: FG-VD-50483
  • Detect exploitation attempts by monitoring for crafted requests to the fgfm port targeting the fgfmsd daemon on FortiManager/FortiAnalyzer devices
  • Deploy FortiGate IPS with definitions version 18.100 or later and enable signature FG-VD-50483 in block mode as a network-level detection and prevention control
  • Validate device configuration for unauthorized changes that may indicate prior exploitation by a malicious third party
  • The vulnerability is exploitable by remote, unauthenticated attackers, meaning no credentials are required to trigger the fgfmsd Use-After-Free condition
  • FortiAnalyzer is only affected in edge cases, unlike FortiManager which is broadly affected
  • The IPS signature block (FG-VD-50483) is a temporary mitigation only and should not replace patching