CVE-2021-44171 In previous versions, special elements used in the os command could be manipulated to subvert the os command. This issue was fixed in the latest releases.

There are two ways to exploit this vulnerability: - Via diagnostic CLI commands (e.g. os command) - Via CLI command injection Reportedly, attacker can exploit this vulnerability remotely via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 6.0.15. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 6.2.11. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 6.4.9. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 7.0.4. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 7.0.5. Reportedly, attacker can exploit this vulnerability via SSH, tel

Vulnerability details CVE-2021-44171:

There are two ways to exploit this vulnerability: - Via diagnostic CLI commands (e.g. os command) - Via CLI command injection

You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 7.0.5. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 7.0.4. Reportedly, attacker can exploit this vulnerability via SSH, telnet, SNMP, etc. You can protect your FortiSwitches from this attack by upgrading to the latest software version. Patch applied to Fortinet FortiOS version 7.0.3

Timeline

Published on: 10/10/2022 14:15:00 UTC
Last modified on: 10/12/2022 18:45:00 UTC

References

• https://fortiguard.com/psirt/FG-IR-21-242
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44171