Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerability in FortiOS Products
Alerts

Vulnerability in FortiOS Products

8 December 2021

Fortinet has released security updates to address a vulnerability which allows download of code without integrity check in the “execute restore src-vis” command of FortiOS products ( CVE-2021-44168) . Successful exploitation of the vulnerability could allow an attacker to download arbitrary files on the devices.

Users and administrators are advised to check their systems for any indicators of compromise (IOCs) such as unexpected files or processes running on their FortiGate Devices. Please refer to the Fortinet advisory link below for more information on the IOCs.

Users and administrators using the following affected versions are advised to upgrade their software versions immediately:

  • FortiOS versions 6.0.13 and before (upgrade to FortiOS versions 6.0.14 or after)

  • FortiOS versions 6.2.9 and before (upgrade to FortiOS 6.2.10 or after)

  • FortiOS versions 6.4.7 and before (upgrade to FortiOS 6.4.8 or after)

  • FortiOS versions 7.0.2 and before (upgrade to FortiOS 7.0.3 or after)


More information is available here:
https://www.fortiguard.com/psirt/FG-IR-21-201

Back to top