CVE-2021-44168
3.3LOWA download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the de
Veröffentlicht: 1/4/2022Aktualisiert: 10/24/2025
CISA Bekannte Ausgenutzte Schwachstelle
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
Erforderliche Maßnahme:
Apply updates per vendor instructions.
Fälligkeitsdatum:
2021-12-24
Beschreibung
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
KI-AnalyseKI-gestützt
Betroffene Produkte
fortinetfortios
fortinetfortios
fortinetfortios
fortinetfortios
Referenzen
- https://fortiguard.com/psirt/FG-IR-21-201Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-201Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44168US Government Resource