CVE-2021-22123

Summary

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiWebFortiWeb 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.xaffected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References