KEVIntel
CVSS 3.3 (Low)

CVE-2021-44168

PUBLISHED

Exploited in the wild · Low complexity · No user interaction
Vendor: Fortinet
Product: Fortinet FortiOS
Published: Jan 04, 2022

Description

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

CVSS scores

CVSS v3.1 3.3 Low

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C

Exploitation status

Exploited in the wild

Recorded 2021-12-10 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Dec 10, 2021

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

0xhaggis/CVE-2021-44168

github · Created 2023-02-08 07:30:52 UTC · 20 stars

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public