CVE-2021-22123 is an OS command injection vulnerability affecting multiple versions of the Fortinet FortiWeb management interface. A proof of concept (PoC) was observed in open source. Successful exploitation would allow an authenticated attacker to remotely execute arbitrary commands on the underlying system via the SAML server configuration page.
PoC Links (if available):
Rapid7: Fortinet FortiWeb OS Command Injection –
Known Countermeasures:
Fortinet addressed the vulnerability in FortiWeb versions 6.3.8 and later.
Links to patches (if available):