Published: 01/06/2021 Updated: 10/06/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated malicious user to execute arbitrary commands on the system via the SAML server configuration page.

Most Upvoted Vulmon Research Post

Fortinet FortiWeb OS Command Injection PoC The patch will be released at the end of August https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fortinet fortiweb

Github Repositories

[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command Injection The command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands in the system via the SAML server configuration page Executing commands with maximum privileges will result in the attacker gaining full control over the server