Fortinet Remote Code Execution – July 20, 2021


Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.


The company highlights that FGFM is disabled by default on FortiAnalyzer and can be turned on only on some hardware models: 1000D, 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, 3900E.

The products affected by CVE-2021-32589 are the following:


Those with affected FortiManager and FortiAnalyzer installations are advised to upgrade to the most recently released version – 5.6.11, 6.0.11, 6.2.8, 6.4.6, or 7.0.1 or above

If updating is not possible, one workaround is to disable FortiManager features on the FortiAnalyzer unit using the following command:
config system globalset
fmg-status disable

Attack details

Fortinet says that sending a specially crafted request to the “FGFM” port of a target device “may allow a remote, non-authenticated attacker to execute unauthorized code as root.”



Lastly, to those who are leveraging our 24/7 Healthcare Security Operations Center (SOC) / SIEM, your network is being monitored and we will provide regular updates. To those who are not – please feel free to reach out to raheel.qureshi@isecurityconuslting.com or kees.pouw@isecurityconsulting.com and we will add you to our distribution list.

We will also provide updates to organizations we are servicing through our Incident Response Retainer.

Do not panic but stay safe and protected. We can always connect with you 1-on-1 to provide better guidance on how to gain better visibility into your controls, network, dark web, privileged user access protection and active threat hunting. The landscape around ransomware has evolved as the Healthcare sector is willing to pay ransom and malicious threat actors are now stronger than ever.

Please go ahead and share this with your peers.

For any other questions or concerns, please feel free to reach out to info@isecurityconsulting.com.

Best Regards,

The iSecurity Team