CVE-2021-22128

Published: Mar 4, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

Affected (2)

Products: Fortinet: Fortiproxy

Fortinet

1 product

Fortiproxy

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	Up to 1.2.9
Fortinet Fortiproxy	Version 2.0.0

References (2)

https://fortiguard.com/advisory/FG-IR-20-235

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-235

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.