This module uses an authenticated OS command injection vulnerability in Fortinet FortiWeb to deploy a Python agent. First, the module logs in to the target application using the given credentials. If no credentials are supplied, the module attempts to create a new user with administrative privileges (prof_admin) on the target system, using random credentials, via the CVE-2025-64446 vulnerability. If authentication succeeds, the module saves the new user credentials as an identity in Impact. Next, the module retrieves the target system version via the /api/v2.0/system/state endpoint. The version is used to select the attack payload. Then, the module switches to a WebSocket connection via the /ws/cli/open endpoint to access the CLI. Finally, it sends CLI commands to create a new SAML configuration containing the OS commands that deploy a Python agent. The deployed Python agent runs with root user privileges.
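A defender-side hunting sketch for the request sequence described above, added here as an example and not part of the module or of any Fortinet tooling: it flags a source that queries /api/v2.0/system/state and then opens the /ws/cli/open WebSocket shortly afterwards. The log format, sample lines, status codes, 60-second window and the `admin_hosts` allowlist are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a generic reverse-proxy format:
# timestamp, source IP, method, URL, status. Not FortiWeb's own log format.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 198.51.100.7 GET /api/v2.0/system/state 200
2025-01-10T09:00:03Z 198.51.100.7 GET /ws/cli/open 101
2025-01-10T09:05:00Z 192.0.2.10 GET /api/v2.0/system/state 200
2025-01-10T09:10:00Z 203.0.113.5 GET /ws/cli/open 403
2025-01-10T11:30:00Z 192.0.2.10 GET /ws/cli/open 101
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
VERSION_PATH = "/api/v2.0/system/state"   # version lookup named on this page
CLI_WS_PATH = "/ws/cli/open"              # CLI WebSocket named on this page


def parse(line):
    """Return (time, source, path, status), or None for an unparsable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, _method, url, status = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, src, url.split("?", 1)[0], int(status)


def find_cli_sequences(log_text, window=timedelta(seconds=60),
                       admin_hosts=frozenset()):
    """Flag sources that read the version and then upgrade to the CLI
    WebSocket (HTTP 101) within `window`. `admin_hosts` is a hypothetical
    allowlist of known management workstations."""
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    last_version_query = {}
    findings = []
    for when, src, path, status in events:
        if src in admin_hosts:
            continue
        if path == VERSION_PATH and status == 200:
            last_version_query[src] = when
        elif path == CLI_WS_PATH and status == 101:
            seen = last_version_query.get(src)
            if seen is not None and when - seen <= window:
                findings.append((src, seen, when))
    return findings
```

Legitimate administration can produce the same pair of requests, so a hit is a lead to correlate with unexpected prof_admin accounts or new SAML configuration entries, not a verdict.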