Fortinet plugs RCE hole in FortiManager and FortiAnalyzer (CVE-2021-32589)
2021-07-21 10:49

A vulnerability in FortiManager and FortiAnalyzer could be exploited by remote, non-authenticated attackers to execute unauthorized / malicious code as root, Fortinet has warned.

Fortinet has provided security updates to fix the flaw, as well as workarounds if updating is impossible.

FortiManager is an operations tool that provides organizations with centralized management of their Fortinet devices and is used to, among other things, "Control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for thousands of FortiOS-enabled devices."

FortiAnalyzer is a security analysis tool that gives NOC and SOC analysts insight into security threats and the required mitigation / remediation actions.

Still, attackers have been known to exploit flaws in various Fortinet solutions in the past.

As Fortinet notes, FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/UscdZFmm0E8/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 166 56 390 177 80 703