CyberSec.Space Logo
Back to CVE Browser

CVE-2021-44168

Known Exploited (CISA KEV)LOW
3.3
CVSS Severity Score
EPSS Score78.9490%
EPSS Percentile87.79th
PublishedJan 4, 2022
Last ModifiedOct 24, 2025

Vulnerability Description

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

Affected Platforms (CPE)

πŸ’»
Fortinet

Fortios

< 6.0.14
πŸ’»
Fortinet

Fortios

>= 6.2.0 and < 6.2.10
πŸ’»
Fortinet

Fortios

>= 6.4.0 and < 6.4.8
πŸ’»
Fortinet

Fortios

>= 7.0.0 and < 7.0.3

References & Advisories

πŸ”— https://fortiguard.com/psirt/FG-IR-21-201
πŸ”— https://fortiguard.com/psirt/FG-IR-21-201
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44168

Related Vulnerabilities

CVE-2005-305710.0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers ...

CVE-2025-597189.8

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7....

CVE-2018-13529.8

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH usern...

CVE-2020-128129.8

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being a...