Fortinet has recently found a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb WAF; a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page.

An OS command injection vulnerability in FortiWeb’s management interface may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

The flaw received a CVSSv3 score of 7.4 and the company addressed the issue with the release of FortiWeb versions 6.3.8 and 6.2.4.

CVE-2020-29015 is a blind SQL injection flaw that a remote, unauthenticated attacker could exploit to execute SQL commands or queries by sending a specially crafted request.

The command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands on the system. If those commands run with maximum privileges, the attacker gains full control over the server. Where the firewall's administration interface is exposed to the Internet through misconfiguration and the product has not been updated to the latest versions, the combination of CVE-2021-22123 and CVE-2020-29015 may allow an attacker to penetrate the internal network.
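The two conditions in that last paragraph (an unpatched release and an Internet-exposed management interface) can be turned into a simple inventory check. The script below is an added example, not Fortinet's code; it assumes only the two fixed releases named above (6.3.8 and 6.2.4), treats any other branch as "unknown" rather than guessing, and runs over a constructed sample inventory.

```python
"""Flag FortiWeb hosts that are still exposed to CVE-2021-22123 / CVE-2020-29015."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Fixed releases stated in the advisory summary above, keyed by branch.
# Assumption: only these two branches are handled; others are reported as unknown.
FIXED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (6, 3): (6, 3, 8),
    (6, 2): (6, 2, 4),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.7' into (6, 3, 7); raise ValueError on anything else."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected FortiWeb version format: {text!r}")
    return parts


def is_patched(version: str) -> Optional[bool]:
    """True if at/above the branch's fixed release, False if below,
    None when the branch is not one of the two covered above."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v >= fixed


@dataclass
class Host:
    name: str
    version: str
    mgmt_on_internet: bool  # administration interface reachable from the Internet


def risk_level(host: Host) -> str:
    patched = is_patched(host.version)
    if patched is True:
        return "patched"
    if patched is None:
        return "unknown-branch"  # consult the vendor advisory for this branch
    # Unpatched: an exposed management interface is what makes the
    # post-authentication command injection reachable from outside.
    return "critical" if host.mgmt_on_internet else "high"


def assess(hosts: List[Host]) -> Dict[str, str]:
    return {h.name: risk_level(h) for h in hosts}


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE = [Host("waf-edge-1", "6.3.7", True), Host("waf-edge-2", "6.3.8", True),
          Host("waf-lab", "6.2.3", False), Host("waf-other", "6.4.1", True)]

if __name__ == "__main__":
    for name, level in assess(SAMPLE).items():
        print(f"{name:12s} {level}")
```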