#VU60735 Download of code without integrity check in FortiOS - CVE-2021-44168

Cybersecurity Help s.r.o.

Published: 2022-02-21 | Updated: 2023-10-22

Vulnerability identifier: #VU60735

Vulnerability risk: Medium

CVSSv4.0: 8.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2021-44168

CWE-ID: CWE-494

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
FortiOS
Operating systems & Components / Operating system

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software does not perform software integrity check when downloading updates in the "execute restore src-vis" command. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiOS: 6.0.0 - 6.0.13, 6.2.0 - 6.2.9, 6.4.0 - 6.4.7, 7.0.0 - 7.0.2

External links
https://fortiguard.com/psirt/FG-IR-21-201

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Missing integrity check in FortiGate FortiOS