History: Jun 01, 2021 - 7:58 p.m.

CVE-2021-22123

2021-06-01 19:58:35
fortinet
www.cve.org
9
cve-2021-22123
remote attacker
arbitrary commands
saml server configuration

CVSS3: 7.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score: 9
Confidence: High

EPSS: 0.021
Percentile: 89.3%

An OS command injection vulnerability in FortiWeb’s management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

CNA Affected

[
  {
    "product": "Fortinet FortiWeb",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWeb 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x"
      }
    ]
  }
]
