CVE-2021-44168 - Vulnerability Details - OpenCVE

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Dec. 10, 2021.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortios

Configuration 1 [-]

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-21-201

History

Tue, 22 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-12-10'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2022-01-04T12:38:04

Updated: 2024-10-22T20:39:51.986Z

Reserved: 2021-11-23T00:00:00

Link: CVE-2021-44168

Vulnrichment

Updated: 2024-08-04T04:17:23.495Z

NVD

Status : Analyzed

Published: 2022-01-04T13:15:07.957

Modified: 2025-02-12T21:32:00.900

Link: CVE-2021-44168

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiOS before 7.0.3"}]}], "descriptions": [{"lang": "en", "value": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-04T12:38:04", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-21-201"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-44168", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiOS", "version": {"version_data": [{"version_value": "FortiOS before 7.0.3"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "None", "baseScore": 3.2, "baseSeverity": "Low", "confidentialityImpact": "None", "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-21-201", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-21-201"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:17:23.495Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-21-201"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-494", "lang": "en", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:20:19.264082Z", "id": "CVE-2021-44168", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-12-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44168"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:39:51.986Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-44168", "datePublished": "2022-01-04T12:38:04", "dateReserved": "2021-11-23T00:00:00", "dateUpdated": "2024-10-22T20:39:51.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-201", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:17:23.495Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-44168", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:20:19.264082Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-12-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44168"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:22:11.616Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C", "temporalScore": 3.2, "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "temporalSeverity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "Fortinet FortiOS", "versions": [{"status": "affected", "version": "FortiOS before 7.0.3"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-201", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2022-01-04T12:38:04"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 3.2, "attackVector": "Local", "baseSeverity": "Low", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C", "integrityImpact": "Low", "userInteraction": "None", "attackComplexity": "Low", "availabilityImpact": "None", "privilegesRequired": "Low", "confidentialityImpact": "None"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiOS before 7.0.3"}]}, "product_name": "Fortinet FortiOS"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-21-201", "name": "https://fortiguard.com/psirt/FG-IR-21-201", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-44168", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-44168", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:39:51.986Z", "dateReserved": "2021-11-23T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2022-01-04T12:38:04", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cisaActionDue": "2021-12-24", "cisaExploitAdd": "2021-12-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortinet FortiOS Arbitrary File Download", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "A187C6F8-D90B-4A4B-B477-8B6FF23A685A", "versionEndExcluding": "6.0.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE47BA6-6F1B-40E9-8FE5-5752389875DF", "versionEndExcluding": "6.2.10", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "986D96D1-B204-48FC-8852-BB8341941236", "versionEndExcluding": "6.4.8", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "78C6A783-0633-40C2-B69D-26C0BB8D9365", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages."}, {"lang": "es", "value": "Una vulnerabilidad de descarga de c\u00f3digo sin comprobaci\u00f3n de integridad en el comando \"execute restore src-vis\" de FortiOS versiones anteriores a 7.0.3, puede permitir a un atacante local autenticado descargar archivos arbitrarios en el dispositivo por medio de paquetes de actualizaci\u00f3n especialmente dise\u00f1ados"}], "id": "CVE-2021-44168", "lastModified": "2025-02-12T21:32:00.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-04T13:15:07.957", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-201"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-494"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}