CVE-2021-22123

CVSS 7.6 HIGH | EPSS 77.3%
In short

A remote attacker holding valid credentials for FortiWeb's management interface can inject and run arbitrary operating-system commands through the SAML server configuration page. This lets an authenticated user step out of the web UI and execute commands on the underlying appliance OS.

Technical detail

OS command injection in the FortiWeb management interface, reachable through the SAML server configuration page. Affected releases: 6.3.7 and below, 6.2.3 and below, and every build of 6.1.x, 6.0.x and 5.9.x. The attack is network-reachable but requires an authenticated management-interface account (CVSS PR:L); once authenticated, the attacker can run arbitrary commands on the appliance's operating system. Note that the CVSS vector on this page rates confidentiality and integrity impact as Low and only availability as High (C:L/I:L/A:H), so a "complete system compromise" reading goes further than the score itself claims; for triage, treat anyone who can edit SAML server settings as able to execute OS commands on the box. Practical checks: confirm each FortiWeb's running version is outside the listed ranges, and until it is, keep the management interface off untrusted networks and restrict who holds management credentials.
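The version ranges above are awkward to check by eye across a fleet (two branches have a patch-level ceiling, three are affected wholesale). The following script is an added example, not code from the page or from Fortinet: it encodes exactly the ranges in the official description and flags hosts that need the upgrade. The version-string format it parses ("FortiWeb-VM 6.3.7,build0868") and the inventory are constructed samples, not real CLI output; the hostnames are invented.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as the official description for CVE-2021-22123 lists them:
# 6.3.7 and below, 6.2.3 and below, and every release in 6.1.x, 6.0.x and 5.9.x.
# Map (major, minor) -> highest affected patch level, or None for "whole branch".
AFFECTED_BRANCHES = {
    (6, 3): 7,
    (6, 2): 3,
    (6, 1): None,
    (6, 0): None,
    (5, 9): None,
}

# Match an x.y.z triple that is not part of a longer digit run (so a build number
# such as "0868" or a date stamp is not mistaken for a version component).
_VERSION_RE = re.compile(r"(?<!\d)(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a FortiWeb version string.

    Accepts a bare "6.3.7" as well as a fuller form like
    "FortiWeb-VM 6.3.7,build0868" (constructed sample, not verified CLI output).
    Returns None when no x.y.z triple is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True when the version falls inside a range the description lists as affected.

    Versions outside every listed range (6.3.8+, 6.2.4+, 6.4+, and anything older
    than 5.9) return False. For pre-5.9 builds that means "not listed on the page",
    not "confirmed safe"; treat such end-of-life releases separately.
    """
    v = parse_version(text)
    if v is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = v
    branch = (major, minor)
    if branch not in AFFECTED_BRANCHES:
        return False
    ceiling = AFFECTED_BRANCHES[branch]
    return ceiling is None or patch <= ceiling


def triage(inventory):
    """Given (hostname, version_string) pairs, return the hostnames that sit in an
    affected range, preserving inventory order."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    sample = [
        ("waf-edge-01", "FortiWeb-VM 6.3.7,build0868"),
        ("waf-edge-02", "6.3.8"),
        ("waf-dc-01", "6.2.3"),
        ("waf-dc-02", "6.2.4"),
        ("waf-lab-01", "6.0.12"),
        ("waf-lab-02", "6.4.0"),
    ]
    for host in triage(sample):
        print(f"{host}: in an affected range for CVE-2021-22123; "
              f"restrict management access and upgrade")
```

Feed it the output of your own inventory (the version strings your management tooling records) rather than the constructed sample; the only page-derived logic is the `AFFECTED_BRANCHES` table, so if Fortinet's advisory lists further fixed builds, adjust that table alone.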

Summary generated and translated by AI from the official description.
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
