Published: 01/06/2021 Updated: 10/06/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated malicious user to execute arbitrary commands on the system via the SAML server configuration page.

Most Upvoted Vulmon Research Post

Fortinet FortiWeb OS Command Injection PoC The patch will be released at the end of August https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fortinet fortiweb

Github Repositories

[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command Injection The command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands in the system via the SAML server configuration page Executing commands with maximum privileges will result in the attacker gaining full control over the server

主流供应商的一些攻击性漏洞汇总 网络安全专家 @Alexander Knorr 在推特上分享的一些有关于供应商的一些 CVE 严重漏洞,详情,仅列出了 CVE 编号,无相关漏洞详情。所以在分享的图片基础上进行新增了漏洞 Title,官方公告,漏洞分析,利用代码,概念证明以及新增或删减了多个CVE等,另外

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-