What is CVE-2021-22123?

CVE-2021-22123 is a high-severity vulnerability in Fortinet Fortiweb. CVSS score: 7.6/10. Published 2021-06-01.

How severe is CVE-2021-22123?

High severity. CVSS v3 base score is 7.6 out of 10.

Is CVE-2021-22123 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fortinet Fortiweb

CVE-2021-22123

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server config…

EPSS: 0.805 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H.

Affected products

Fortinet Fortiweb — versions FortiWeb 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x

Public proof-of-concept exploits

References

fortiguard.com/advisory/FG-IR-20-120 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-22123?: CVE-2021-22123 is a high-severity vulnerability in Fortinet Fortiweb. CVSS score: 7.6/10. Published 2021-06-01.
How severe is CVE-2021-22123?: High severity. CVSS v3 base score is 7.6 out of 10.
Is CVE-2021-22123 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.