=====================================================================
CERT-Renater Information Note No. 2022/VULN365
_____________________________________________________________________
DATE                 : 10/10/2022
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : FortiOS versions prior to 7.0.7, 6.4.9, 6.2.11, 6.0.15.
=====================================================================

https://www.fortiguard.com/psirt/FG-IR-21-242
_____________________________________________________________________

IR Number         FG-IR-21-242
Date              Oct 10, 2022
Severity          High
CVSSv3 Score      8.8
Impact            Execute unauthorized code or commands
CVE ID            CVE-2021-44171
Affected Products FortiOS : 7.0.3, 7.0.2, 7.0.1, 7.0.0,
                            6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0,
                            6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0,
                            6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

FortiOS - Privilege escalation via switch-control CLI command

Summary
An improper neutralization of special elements used in an OS command [CWE-78] vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Affected Products
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.3

Solutions
Upgrade to FortiOS version 7.0.7 or above
Upgrade to FortiOS version 6.4.9 or above
Upgrade to FortiOS version 6.2.11 or above
Upgrade to FortiOS version 6.0.15 or above

=========================================================
+ CERT-RENATER           | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel       | fax : 01-53-94-20-41          +
+ 75013 Paris            | email:cert@support.renater.fr +
=========================================================
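As an added example (not code from the CERT-Renater note or from Fortinet), a Python triage helper that classifies a FortiOS version string against the affected ranges and upgrade targets stated in the advisory above; the status labels are my own naming, and the helper also flags versions such as 7.0.4 to 7.0.6 that sit between the listed affected range and the fixed version of their branch.

```python
# Added example, not code from the CERT-Renater note or from Fortinet: triage a
# FortiOS version string against the affected ranges and fixed versions that
# FG-IR-21-242 states, so an inventory can be classified offline.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (branch, first affected, last affected, first fixed) as the advisory lists them
ADVISORY = [
    ((6, 0), (6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ((6, 2), (6, 2, 0), (6, 2, 10), (6, 2, 11)),
    ((6, 4), (6, 4, 0), (6, 4, 8), (6, 4, 9)),
    ((7, 0), (7, 0, 0), (7, 0, 3), (7, 0, 7)),
]

def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor.patch' into a comparable tuple; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return (int(parts[0]), int(parts[1]), int(parts[2]))

def assess(text: str) -> str:
    """One of: affected, unlisted-below-fix, fixed, unknown-branch, invalid."""
    v = parse_version(text)
    if v is None:
        return "invalid"
    for branch, first, last, fixed in ADVISORY:
        if v[:2] != branch:
            continue
        if first <= v <= last:
            return "affected"
        if v < fixed:
            # e.g. 7.0.4 to 7.0.6: not in the vendor's affected list, yet older
            # than the upgrade target it gives; flag for manual review
            return "unlisted-below-fix"
        return "fixed"
    return "unknown-branch"

def upgrade_target(text: str) -> Optional[str]:
    """Fixed version the advisory recommends for this version's branch, or None."""
    v = parse_version(text)
    if v is None:
        return None
    for branch, _first, _last, fixed in ADVISORY:
        if v[:2] == branch:
            return ".".join(map(str, fixed))
    return None
```

Branches the advisory does not mention (for example 5.6) come back as `unknown-branch` rather than `fixed`, so they are not silently treated as safe.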