Vulnerability in FortiOS Products

Published on 08 Dec 2021

Updated on 08 Dec 2021

Fortinet has released security updates to address a vulnerability in the “execute restore src-vis” command of FortiOS (CVE-2021-44168). The command retrieves and restores a package without verifying its integrity (a download of code without integrity check weakness), so an authenticated attacker who can run the command could supply a specially crafted package and place arbitrary files on the device.

Users and administrators are advised to check their systems for indicators of compromise (IOCs), such as unexpected files or processes running on their FortiGate devices, since patching alone does not remove files that were already planted. Please refer to the Fortinet advisory link below for more information on the IOCs.

Users and administrators using the following affected versions are advised to upgrade their software versions immediately:

  • FortiOS versions 6.0.13 and before (upgrade to FortiOS 6.0.14 or later)
  • FortiOS versions 6.2.9 and before (upgrade to FortiOS 6.2.10 or later)
  • FortiOS versions 6.4.7 and before (upgrade to FortiOS 6.4.8 or later)
  • FortiOS versions 7.0.2 and before (upgrade to FortiOS 7.0.3 or later)
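The following is an added triage script, not code from Fortinet or from this advisory. It checks an inventory of FortiGate devices against the fixed-version table above, treating any release on the same major.minor branch that is older than the fixed release as affected and flagging branches the table does not cover. The input lines are constructed samples in the shape of the first line of the FortiOS `get system status` output; the hostnames, models and build numbers are made up.

```python
"""Triage FortiOS versions against the CVE-2021-44168 fixed-version table.

Added example, not Fortinet's code. Inventory lines are constructed samples
shaped like the first line of `get system status` on FortiOS, e.g.
"Version: FortiGate-60F v6.4.7,build1911,211103 (GA)"; hostnames, models
and build numbers are made up.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed release per branch, taken from the advisory table above. Any release
# on the same major.minor branch that is older than the fixed one is affected.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 0): (6, 0, 14),
    (6, 2): (6, 2, 10),
    (6, 4): (6, 4, 8),
    (7, 0): (7, 0, 3),
}

# Matches the "vX.Y.Z" token in the Version line of `get system status`.
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(status_line: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a Version line, or None if absent."""
    m = VERSION_RE.search(status_line)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(version: Version) -> Tuple[str, Optional[Version]]:
    """Return ("affected"|"fixed"|"unlisted", fixed release for the branch)."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branch not covered by the advisory table: do not assume it is safe.
        return ("unlisted", None)
    return ("affected" if version < fixed else "fixed", fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each hostname to a one-line verdict with the upgrade target."""
    report: Dict[str, str] = {}
    for host, status_line in sorted(inventory.items()):
        version = parse_version(status_line)
        if version is None:
            report[host] = "unparseable: " + status_line.strip()
            continue
        vstr = ".".join(map(str, version))
        verdict, fixed = classify(version)
        if verdict == "affected":
            target = ".".join(map(str, fixed))
            report[host] = f"AFFECTED {vstr}: upgrade to {target} or later"
        elif verdict == "fixed":
            report[host] = f"fixed {vstr}"
        else:
            report[host] = (f"UNLISTED {vstr}: branch not in advisory table, "
                            "check the vendor advisory")
    return report


# Constructed sample inventory (hostnames, models, build numbers are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-branch-01": "Version: FortiGate-60F v6.4.7,build1911,211103 (GA)",
    "fw-branch-02": "Version: FortiGate-60F v6.4.8,build2050,211125 (GA)",
    "fw-dc-01": "Version: FortiGate-1100E v7.0.2,build0234,211007 (GA)",
    "fw-legacy-01": "Version: FortiGate-100E v6.0.13,build0483,211103 (GA)",
    "fw-lab-01": "Version: FortiGate-VM64 v5.6.14,build1727,200116 (GA)",
    "fw-broken": "Version: (no output captured)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {verdict}")
```

Devices reported as UNLISTED are on a branch the advisory table does not mention and should be checked against the vendor advisory rather than assumed patched; an unparseable line usually means the command output was not captured and the device needs a manual look.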

More information is available here: