CVE-2021-22123 – Fortinet / FortiWeb – OS command injection
Summary:
CVE-2021-22123 is an OS command injection vulnerability in the management interface of multiple Fortinet FortiWeb versions. A public proof of concept (PoC) has been observed. Successful exploitation allows an authenticated attacker to execute arbitrary OS commands remotely on the appliance via the SAML server configuration page. Because an authenticated session on the management interface is required, practical risk is highest where that interface is reachable from untrusted networks or where administrator credentials are weak or reused.
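As an added example that is not part of this page or of Fortinet's code, the following Python models the vulnerability class rather than the FortiWeb code path (which is not public): a configuration handler that splices an administrator-supplied SAML server name into a shell command string (vulnerable), one that drops the shell but still accepts any string (partial fix), and one that allowlists the name and passes it as a discrete argument (hardened). The handler names, the use of `echo` as the stand-in command, the allowlist regex and the payload string are all constructed assumptions for illustration.

```python
import re
import subprocess

# Constructed payload: a legitimate-looking name followed by a second shell
# command. The INJECTED marker shows whether the appended command actually ran.
INJECTED_NAME = "idp1; echo INJECTED"

# Hypothetical allowlist for a server name (not FortiWeb's policy). The first
# character must be alphanumeric so that a value such as "-n" cannot be parsed
# as an option by the tool that eventually receives it.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def vulnerable_handler(server_name: str) -> str:
    """Vulnerable pattern: build one command string and hand it to a shell.

    sh re-parses the string, so ';', '`', '$( )' and '|' inside server_name
    become extra commands. 'echo' stands in for whatever command the real
    configuration code executed (assumption).
    """
    cmd = f"echo {server_name}"
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return result.stdout.strip()


def argv_handler(server_name: str) -> str:
    """Partial fix: no shell. The name is a single argv element and is never
    re-parsed, so shell metacharacters survive as literal text. The string can
    still be interpreted by the tool itself (e.g. "-n" is an option to echo),
    which is why validation is still needed.
    """
    result = subprocess.run(["echo", server_name], capture_output=True, text=True, check=False)
    return result.stdout.strip()


def hardened_handler(server_name: str) -> str:
    """Hardened: reject anything outside the allowlist, then pass the name as a
    discrete argument with no shell involved."""
    if not SAFE_NAME.fullmatch(server_name):
        raise ValueError(f"rejected server name: {server_name!r}")
    result = subprocess.run(["echo", server_name], capture_output=True, text=True, check=False)
    return result.stdout.strip()


def hardened_rejects(server_name: str) -> bool:
    """True if the hardened handler refuses the name."""
    try:
        hardened_handler(server_name)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run the three handlers on a benign name and on the payload."""
    return {
        "vulnerable_benign": vulnerable_handler("idp1"),
        "vulnerable_payload": vulnerable_handler(INJECTED_NAME),
        "argv_payload": argv_handler(INJECTED_NAME),
        "argv_option_abuse": argv_handler("-n"),
        "hardened_payload_rejected": hardened_rejects(INJECTED_NAME),
        "hardened_option_rejected": hardened_rejects("-n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the block on Linux (sh and echo on PATH) shows the vulnerable handler printing a second line, INJECTED, that the administrator never asked for, while the argv-only handler echoes the whole payload as literal text but still lets "-n" change echo's behaviour. The fix belongs at both layers: never reassemble a command string from user-controlled fields, and validate the field against what a SAML server name can legitimately contain because the receiving tool parses its own arguments.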
PoC links (if available):
Rapid7: Fortinet FortiWeb OS Command Injection –
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
Known countermeasures:
Fortinet addressed the vulnerability in FortiWeb 6.3.8 and later; upgrade to a fixed release (the Fortinet PSIRT advisory linked below lists the affected and fixed versions for each branch). Where an upgrade cannot be applied immediately, restricting management-interface access to trusted administrative networks reduces exposure, since exploitation requires an authenticated session on that interface.
Links to patches (if available):
https://www.fortiguard.com/psirt/FG-IR-20-120