Technical Severity
LOW
CVSS v3.1 Metrics
3.3
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C
Exploitation Likelihood
EPSS Prediction
1.43
%
Predictive Probability
Percentile Rank
80.3
th
Documented as more likely to be exploited than 80.3% of known CVEs.
Detection Date
Dec 10, 2021
Remediation Due
Dec 24, 2021
CISA Catalog Active
Threat Analysis
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
Remediation Directive
Apply updates per vendor instructions.