CVE-2021-36173

Severity: 8.8 HIGH
EPSS: 0.7% (top 28.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8; latest update Dec 9

Description

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (2 packages)

NVD: fortinet/fortios, 6.0.0 through 6.0.13 (+4)
CVEListV5: fortinet/fortinet_fortios, FortiOS 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.0 through 6.0.13

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-p5m6-c47j-fg8m: A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7... (2021-12-09)
CVEList: CVE-2021-36173: A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7... (2021-12-08)

📋 Vendor Advisories (1)

Fortinet: A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 thr... (2021-12-08)