CVE-2021-44168

CVE Database · CVE-2021-44168

CVE-2021-44168

· LOWAnalyzed

CVSS v3.1

3.3

EPSS

0.86%

Published

Jan 4, 2022

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2021-12-10 · Due: 2021-12-24

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoC0xhaggis/CVE-2021-44168★21

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-494CWE-494

Affected Products (4)

fortinet · fortios (up to 6.0.14)vulnerable

fortinet · fortios (up to 6.2.10)vulnerable

fortinet · fortios (up to 6.4.8)vulnerable

fortinet · fortios (up to 7.0.3)vulnerable

References (3)

https://fortiguard.com/psirt/FG-IR-21-201

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-201

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44168

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs