1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Fortinet FortiOS Arbitrary File Download

Known Exploited Vulnerabilities CVE-2021-44168

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-44168 Fortinet FortiOS Arbitrary File Download primary_impact T1601 Modify System Image
Comments
CVE-2021-44168 is an unverified update download vulnerability that can be exploited by adversaries with local access creating specifically crafted download packages.
References
  1. https://www.fortiguard.com/psirt/FG-IR-21-201
CVE-2021-44168 Fortinet FortiOS Arbitrary File Download exploitation_technique T1078.003 Local Accounts
Comments
CVE-2021-44168 is an unverified update download vulnerability that can be exploited by adversaries with local access creating specifically crafted download packages.
References
  1. https://www.fortiguard.com/psirt/FG-IR-21-201