virus logo Intrusion Prevention

Fortinet.FortiWeb.SAML.Server.Configuration.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Error Vulnerability in Fortinet FortiWeb.
The vulnerability is due to insufficient input validation of the name parameter in requests sent to the SAML server configuration page. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary command execution with privileges of the root user.

affected-products-logoAffected Products

Fortinet FortiWeb 6.2.x prior to 6.2.5
Fortinet FortiWeb 6.3.x prior to 6.3.15
Fortinet FortiWeb 6.4.0

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.fortiguard.com/psirt/FG-IR-21-116

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-10-13 18.177 Default_action:pass:drop
2021-10-05 18.170
ID 50796
Created Sep 27, 2021
Updated Oct 12, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2021-22123
Exploit Prediction Score 2.14%
Default Action drop
Active
Affected OS Windows
Affected App Other