Vulnerability fixed in FortiWeb

🗓️ 19 Aug 2021 00:00:00Reported by NCSCType

ncsc

ncsc🔗 advisories.ncsc.nl👁 3 Views

FortiWeb vulnerability fixed; updates released to prevent remote code execution by a malicious user.

Reporter	Title	Published	Views	Family All 18
BDU FSTEC	The vulnerability of FortiWeb web applications’ network firewalls arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This vulnerability allows attackers to execute arbitrary commands.	29 Jun 202100:00	–	bdu_fstec
Circl	CVE-2021-22123	2 Jun 202106:43	–	circl
CNNVD	Fortinet FortiWeb 操作系统命令注入漏洞	1 Jun 202100:00	–	cnnvd
CNVD	FortiWeb OS Command Injection Vulnerability	2 Jun 202100:00	–	cnvd
CVE	CVE-2021-22123	1 Jun 202119:58	–	cve
Cvelist	CVE-2021-22123	1 Jun 202119:58	–	cvelist
GithubExploit	Exploit for OS Command Injection in Fortinet Fortiweb	18 Aug 202110:54	–	githubexploit
Fortinet	FortiWeb - OS command injection vulnerability	1 Jun 202100:00	–	fortinet
Tenable Nessus	Fortinet FortiWeb ] Restricted user can execute arbitrary commands with root privileges (OS command Injection). (FG-IR-20-120)	27 Oct 202400:00	–	nessus
Tenable Nessus	Fortinet FortiWeb OS command injection vulnerability (FG-IR-21-116)	26 Oct 202400:00	–	nessus

19 Aug 2021 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.6 - 8.8

CVSS 29

EPSS0.80497

SSVC

Fortinet FortiWeb remote code execution vulnerability fix software updates