November 30, 2023

Fortinet has recently found a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb WAF, a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page.

An OS command injection vulnerability in FortiWeb’s management interface may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

The flaw received a CVSSv3 score of 7.4 and the company addressed the issue with the release of FortiWeb versions 6.3.8 and 6.2.4.

The CVE-2020-29015 is a blind SQL injection flaw that a remote, unauthenticated attacker could exploit to execute SQL commands or queries by sending a specially crafted request.

The command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands in the system. Executing commands with maximum privileges will result in the attacker gaining full control over the server. Due to incorrect configuration the firewall administration interface is available on the Internet, and the product itself is not updated to the latest versions, then the combination of CVE-2021-22123 and CVE-2020-29015 may allow an attacker to penetrate the internal network.

Tags:

Leave a Reply

Related Post

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: