vulnerability

Fortinet FortiOS: Out-of-bounds Write (CVE-2021-36173)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Dec 8, 2021	Mar 18, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Dec 8, 2021

Added

Mar 18, 2022

Modified

Aug 11, 2025

Description

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

Solution

fortios-upgrade-latest

References

CVE-2021-36173
https://attackerkb.com/topics/CVE-2021-36173
CWE-787
URL-https://fortiguard.com/advisory/FG-IR-21-115

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today