Main Vulnerability Database Exploits ID:9385 - Exploit for Download of code without integrity check in FortiOS - CVE-2021-44168

ID:9385 - Exploit for Download of code without integrity check in FortiOS - CVE-2021-44168

Published: October 22, 2023

Vulnerability identifier: #VU60735

Vulnerability risk: Medium

CVE-ID: CVE-2021-44168

CWE-ID: CWE-494

Exploitation vector: Adjecent network

Vulnerable software:
FortiOS

Link to public exploit:

https://github.com/0xhaggis/CVE-2021-44168

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software does not perform software integrity check when downloading updates in the "execute restore src-vis" command. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.

Remediation

Install updates from vendor's website.

ID:9385 - Exploit for Download of code without integrity check in FortiOS - CVE-2021-44168

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human