Description

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

PUBLISHED Reserved 2021-07-06 | Published 2021-12-08 | Updated 2024-10-25 | Assigner fortinet




HIGH: 8.0 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

Problem types

Execute unauthorized code or commands

Product status

FortiOS 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.0 through 6.0.13
affected

References

fortiguard.com/advisory/FG-IR-21-115

cve.org (CVE-2021-36173)

nvd.nist.gov (CVE-2021-36173)
