
CVE-2021-36173

nvd nist
Published: Dec 8, 2021
Modified: Nov 21, 2024

CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

Affected (5)

Products: Fortinet: Fortios
1 product
Fortios
Configuration A
5 vulnerable · 13 platform
Vulnerable Software: Fortinet
Affected Versions:
  From 6.0.0 to 6.0.13
  From 6.2.0 to 6.2.9
  From 6.4.0 to 6.4.6
  Version 7.0.0
  Version 7.0.1

Running on/with (Platform: Versions):
  Fortinet Fortigate 1100e: All versions
  Fortinet Fortigate 200f: All versions
  Fortinet Fortigate 2600f: All versions
  Fortinet Fortigate 3500f: All versions
  Fortinet Fortigate 400e: All versions
  Fortinet Fortigate 600e: All versions
  Fortinet Fortigate 1800f: All versions
  Fortinet Fortigate 2200e: All versions
  Fortinet Fortigate 3300e: All versions
  Fortinet Fortigate 3600e: All versions
  Fortinet Fortigate 40f: All versions
  Fortinet Fortigate 60f: All versions
  Fortinet Fortigate 7121f: All versions

References (2)

Source: psirt@fortinet.com
Tags: Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Patch, Vendor Advisory

Timeline

No history available yet.