Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2021-36173

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

  • Published: Dec 8, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-36173
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
fortinet / fortios 6.0.0 6.0.13.x
fortinet / fortios 6.2.0 6.2.9.x
fortinet / fortios 6.4.0 6.4.6.x
fortinet / fortios 7.0.0 7.0.0.x
fortinet / fortios 7.0.1 7.0.1.x