PT-2021-6856 · Fortinet · FortiOS

Published: 2021-07-06 · Updated: 2022-07-12 · CVE-2021-36169

CVSS v2.0: 6.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.x through 6.4.6; FortiOS versions 7.x through 7.0.0

Description: The issue is related to hidden functionality in Fortinet FortiOS that allows an attacker to execute unauthorized code or commands. This can be achieved through specific hex read/write operations or through console commands such as the print str and cmd mem CLI commands, which allow reading and writing hexadecimal values at any memory address. The vulnerability stems from authorization errors in the debug functionality of FortiGate operating systems.

Recommendations: For FortiOS versions 6.4.x through 6.4.6, update to version 6.4.7 or later. For FortiOS versions 7.x through 7.0.0, update to version 7.0.1 or later. As a temporary workaround, consider restricting access to the debug functionality and limiting the use of the print str and cmd mem CLI commands to minimize the risk of exploitation.
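A small check that maps a device's reported FortiOS version onto the affected ranges and fix releases listed above (added example, not part of the advisory; the "vX.Y.Z,buildNNNN" input form is an assumption about how FortiOS prints its version, and only the branches named in this advisory are evaluated):

```python
import re

# Affected ranges as stated in this advisory (PT-2021-6856 / CVE-2021-36169).
# Each entry: (lowest affected, highest affected, first fixed release).
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 6), (6, 4, 7)),  # 6.4.x through 6.4.6 -> fixed in 6.4.7
    ((7, 0, 0), (7, 0, 0), (7, 0, 1)),  # 7.x through 7.0.0   -> fixed in 7.0.1
]

# Matches the numeric part of strings such as "v6.4.6,build1879" (assumed format).
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)")


def parse_fortios_version(text):
    """Extract (major, minor, patch) from a version string or status line."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Return (affected, first_fixed_version) for the reported version.

    Branches not named in the advisory (e.g. 6.2.x) return (False, None),
    which means "not covered here", not "known safe".
    """
    version = parse_fortios_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return True, ".".join(str(part) for part in fixed)
    return False, None


if __name__ == "__main__":
    # Constructed sample lines in the assumed 'get system status' format.
    for line in ["Version: FortiGate-60F v6.4.6,build1879,210217 (GA)",
                 "Version: FortiGate-100F v7.0.1,build0157,210713 (GA)"]:
        affected, fixed = assess(line)
        print(line, "->", "UPDATE TO " + fixed if affected else "not in affected ranges")
```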

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2022-02332
CVE-2021-36169

Affected Products

Fortios