Vulnerability Description
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | >= 6.0.0, <= 6.0.13 |
| Fortinet | FortiGate 1100E | - |
| Fortinet | FortiGate 200F | - |
| Fortinet | FortiGate 2600F | - |
| Fortinet | FortiGate 3500F | - |
| Fortinet | FortiGate 400E | - |
| Fortinet | FortiGate 600E | - |
| Fortinet | FortiGate 1800F | - |
| Fortinet | FortiGate 2200E | - |
| Fortinet | FortiGate 3300E | - |
| Fortinet | FortiGate 3600E | - |
| Fortinet | FortiGate 40F | - |
| Fortinet | FortiGate 60F | - |
| Fortinet | FortiGate 7121F | - |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-21-115 (Patch, Vendor Advisory)
FAQ
What is CVE-2021-36173?
CVE-2021-36173 is a vulnerability with a CVSS score of 8.0 (HIGH). A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker ...
How severe is CVE-2021-36173?
CVE-2021-36173 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-36173?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiOS, Fortinet FortiGate 1100E, Fortinet FortiGate 200F, Fortinet FortiGate 2600F, Fortinet FortiGate 3500F.