(This isn't good. I used to work a lot with Fortinet devices.)
From:
https://www.theregister.com/2021/07/20/fortinet_rce/
===
Fortinet's security appliances hit by remote code execution vulnerability
Cure worse than the disease for anyone with the 'fgfmsd' daemon activated
Gareth Halfacree Tue 20 Jul 2021 // 14:30 UTC
----------------------------------------------------------------------
Security appliance slinger Fortinet has warned of a critical vulnerability
in its software that can be exploited to grant unauthenticated attackers
full control over a targeted system, providing a particular daemon is
enabled.
The flaw, discovered by Orange Group security researcher Cyrille Chatras
and sent to Fortinet privately for responsible disclosure, lies in
FortiManager and FortiAnalyzer's fgfmsd daemon, which if running and
vulnerable can be exploited over the network.
"A Use After Free (CWE-416) vulnerability in [the] FortiManager and
FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker
to execute unauthorised code as root via sending a specifically crafted
request to the FGFM port of the targeted device," the vendor warned
customers.
Note that the FGFM service is disabled by default in FortiAnalyzer and can
only be enabled on 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F,
and 3900E appliances.
Those with affected FortiManager and FortiAnalyzer installations are
advised to upgrade to the most recently released version - 5.6.11, 6.0.11,
6.2.8, 6.4.6, or 7.0.1 or above, depending on which major release of the
software you're running - to close the hole.
Should that be impossible, and you're using a FortiAnalyzer box, a
workaround is to disable the FortiManager features on the FortiAnalyzer
unit manually with the following commands at the management console:
config system global
set fmg-status disable
end
"Memory related vulnerabilities are a common problem which can often have
severe impact, such as is the case here," application security expert Sean
Wright told The Register. "Ensuring appropriate checks are performed to
identify these flaws is crucial, for example by using static code scanners
which will detect and prevent their presence.
"Alternatively, educating developers about their existence early in the
development cycle will ensure code is built securely and without such
flaws in the first place. A more drastic approach, which is not always
possible, is to move to a language which performs automatic memory
management, such as Go or Java."
The vulnerability is the biggest to hit Fortinet products since October
last year, when the US Department of Homeland Security's Cybersecurity and
Infrastructure Security Agency (CISA) warned that flaws in the FortiOS SSL
virtual private network (VPN) had been used to gain access to supposedly
private networks in "multiple cases."
More information is available in the FortiGuard Labs security bulletin.
Fortinet did not respond to a request for additional comment by the time
of publication. (R)
===
-- Sean
... Government should spend our money like it was their own.
___ MultiMail/Win v0.52
--- Maximus/2 3.01
* Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)