Security News > 2021 > August > High-Severity Command Injection Vulnerability Found in Fortinet Firewall
Researchers have discovered a vulnerability in Fortinet's FortiWeb web application firewall, and while it has been classified as high severity, the actual risk of exploitation in the wild seems low.
Tod Beardsley, director of research at Rapid7, told SecurityWeek that they have not seen any information from Fortinet regarding a patch, but they do expect the vulnerability to be fixed soon.
The issue identified by Vu is a variation of CVE-2021-22123, a FortiWeb OS command injection vulnerability patched by Fortinet a few months ago.
Rapid7 pointed out that while its recent scans showed roughly one million internet-exposed Fortinet devices, only some of those are FortiWeb systems, and only a small fraction of those expose their management interface to the web.
Given the widespread use of Fortinet products, it's not surprising that many state-sponsored and profit-driven threat actors have been exploiting vulnerabilities in these products.
The U.S. government has issued several warnings and advisories related to the exploitation of Fortinet vulnerabilities.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-22123 | OS Command Injection vulnerability in Fortinet Fortiweb An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | 8.8 |