CVE-2021-22123

CVE Database · CVE-2021-22123

CVE-2021-22123

· HIGHModified

CVSS v3.1

7.6

EPSS

77.27%

Published

Jun 1, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Weaknesses (CWE)

CWE-78

Affected Products (2)

fortinet · fortiweb (up to 6.2.4)vulnerable

fortinet · fortiweb (up to 6.3.8)vulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-20-120

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-120

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs