A high-severity OS Command Injection vulnerability has been discovered in multiple Fortinet products, including FortiWeb. This flaw allows a remote attacker to execute arbitrary commands on the affected device, potentially leading to a full system compromise, data theft, and further intrusion into the corporate network. Due to confirmed active exploitation in the wild, this vulnerability presents a critical and immediate risk to the organization.

This vulnerability is an OS Command Injection, classified under CWE-78. It arises because a component within the FortiWeb software fails to properly sanitize user-supplied input before passing it to the underlying operating system for execution. An unauthenticated remote attacker can craft a special request containing malicious shell metacharacters (e.g., ;, |, &&) which are then executed by the system with the privileges of the application. Successful exploitation grants the attacker the ability to run arbitrary commands on the target device.

This vulnerability is rated as High severity with a CVSS score of 7.2. A successful exploit would grant an attacker complete control over the compromised Fortinet appliance, which often serves as a critical perimeter security device. The business impact includes the potential for sensitive data exfiltration, interception and manipulation of network traffic, and using the compromised device as a pivot point to launch further attacks against the internal network. The operational disruption and reputational damage from a compromised security appliance are significant, potentially leading to widespread system outages and regulatory fines.

Immediate Action: Immediately identify all vulnerable Fortinet appliances within the environment. Apply the security updates provided by Fortinet without delay, following your organization's emergency change management process. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Enhance monitoring of all affected devices. Specifically, search access logs for unusual or malformed requests, especially those containing shell command syntax. Monitor for unexpected outbound network connections from the device's management interface, the creation of new user accounts, and any anomalous system processes or CPU/memory utilization spikes.

Compensating Controls: If immediate patching is not feasible, restrict access to the device's management interface to a secure, isolated management network or a limited set of trusted IP addresses. Implement strict firewall rules to block all non-essential inbound and outbound traffic to and from the appliance itself.

Public Exploit Available: true

Given the high severity of this OS Command Injection vulnerability, its presence on critical perimeter security devices, and its confirmed status as being actively exploited, immediate action is required. We strongly recommend that all affected Fortinet products be patched on an emergency basis, treating this as a critical priority. The risk of compromise is extremely high, and organizations should assume they are being actively targeted by threat actors seeking to exploit this flaw.