Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF), a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server
OVERVIEW
▪ Fortinet has recently fixed a high-severity RCE vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands.
▪ The high-severity vulnerability (CVE-2021-22123) allows a remote, authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
▪ The vulnerability in the management interface of FortiWeb firewall was discovered by a cybersecurity firm Positive Technologies.