CVE-2021-44171: 
FortiOS vulnerability analysis and mitigation

A command injection vulnerability (CVE-2021-44171) was discovered in Fortinet FortiOS versions 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.3. This vulnerability allows an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands (Fortiguard PSIRT).

The vulnerability is classified as an improper neutralization of special elements used in an OS command (CWE-78). It has received a CVSS v3.1 base score of 8.8 HIGH from NVD and 9.0 CRITICAL from Fortinet, with the following vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically affects the CLI component of FortiOS (NVD Database, Fortiguard PSIRT).

The vulnerability allows an authenticated attacker with network access to execute unauthorized privileged commands on a linked FortiSwitch, potentially leading to complete compromise of the affected system with high impacts on confidentiality, integrity, and availability (Fortiguard PSIRT).

Fortinet has released patches to address this vulnerability. Organizations should upgrade to FortiOS version 7.0.7 or above, 6.4.9 or above, 6.2.11 or above, or 6.0.15 or above (Fortiguard PSIRT).