Heap-based Buffer Overflow in firmware signature verification Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-115 Final 1 1 2021-12-07T00:00:00 Current version 2021-12-07T00:00:00 2021-12-07T00:00:00 A heap-based buffer overflow [CWE-122] in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images. None Execute unauthorized code or commands FortiGate E-series and F-series models released in 2019 and later (specifically: 40F, 60F, 200F, 400E, 600E, 1100E, 1800F, 2200E, 2600F, 3300E, 3400E, 3500F, 3600E and 7121F)that are running the following versions of FortiOS:FortiOS version 7.0.1 and below.FortiOS version 6.4.6 and below.FortiOS version 6.2.9 and below.FortiOS version 6.0.13 and below.FortiOS-6K7K version 6.4.5 and below.FortiOS-6K7K version 6.2.8 and below.FortiOS-6K7K version 6.0.10 and below. Upgrade to FortiOS version 7.0.2 and above.Upgrade to FortiOS version 6.4.7 and above.Upgrade to FortiOS version 6.2.10 and above.Upgrade to FortiOS version 6.0.14 and above.Upgrade to FortiOS-6K7K version 6.4.6 and above.Upgrade to FortiOS-6K7K version 6.2.9 and above. Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team. CVE-2021-36173 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-115 Heap-based Buffer Overflow in firmware signature verification Reference>