
Rewterz Threat Advisory – CVE-2021-22123 – Fortinet FortiWeb Command Execution

Severity

High

Analysis Summary

CVE-2021-22123

A command injection flaw in the SAML server configuration page of Fortinet FortiWeb could allow a remote authenticated attacker to execute arbitrary commands on the system by sending specially crafted input.

Impact

  • Unauthorized Access

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiWeb 6.3.7
  • Fortinet FortiWeb 6.2.3

Remediation

Refer to the FortiGuard advisory for patch, upgrade, or suggested workaround information.

https://www.fortiguard.com/psirt/FG-IR-20-120