Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 24, 2021

CVE-2021-44168

High
EPSS 1.4%CISA KEV
Fortinet/FortiOS

Description

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

EPSS — Exploit Probability

1.4%

Higher than 80.5% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-44168

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
1.4%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Dec 10, 2021

Added to KEV

Dec 10, 2021

Remediation Due

Dec 24, 2021

Affected Product

Fortinet

FortiOS

View all Fortinet CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE