Fortinet's security appliances hit by remote code execution vulnerability
Security appliance slinger Fortinet has warned of a critical vulnerability in its software that can be exploited to grant unauthenticated attackers full control over a targeted system, providing a particular daemon is enabled.
The flaw, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in FortiManager and FortiAnalyzer's fgfmsd daemon, which if running and vulnerable can be exploited over the network.
"A Use After Free (CWE-416) vulnerability in [the] FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorised code as root via sending a specifically crafted request to the FGFM port of the targeted device," the vendor warned customers.
Note that the FGFM service is disabled by default in FortiAnalyzer and can only be enabled on 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E appliances.
/cdn.vox-cdn.com/uploads/chorus_asset/file/24801728/Screenshot_2023_07_21_at_1.45.12_PM.jpeg)
