Improper validation of dispatcher socket parameters Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-050 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifially crafted web requests. Execute unauthorized code or commands FortiManager versions 7.0.0FortiManager versions 6.4.5 and below.FortiManager versions 6.2.7 and below.FortiManager versions 6.0.xFortiManager versions 5.6.xFortiAnalyzer versions 7.0.0FortiAnalyzer versions 6.4.5 and below.FortiAnalyzer versions 6.2.7 and below.FortiAnalyzer versions 6.0.xFortiAnalyzer versions 5.6.x Please upgrade to FortiManager 7.0.1 or above.Please upgrade to FortiManager 6.4.6 or above.Please upgrade to FortiManager 6.2.8 or above.Please upgrade to FortiAnalyzer 7.0.1 or above.Please upgrade to FortiAnalyzer 6.4.6 or above.Please upgrade to FortiAnalyzer 6.2.8 or above. Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure. CVE-2021-32603 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-050 Improper validation of dispatcher socket parameters Reference>