CVE-2021-22128
First published: Thu Mar 04 2021(Updated: )
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | <=1.2.9 | |
| Fortinet FortiProxy | =2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22128?
CVE-2021-22128 is an improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions.
How does CVE-2021-22128 affect FortiProxy SSL VPN portal?
CVE-2021-22128 may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
Which versions of FortiProxy SSL VPN portal are affected by CVE-2021-22128?
CVE-2021-22128 affects FortiProxy SSL VPN portal 2.0.0 and 1.2.9 versions.
How severe is CVE-2021-22128?
CVE-2021-22128 has a severity rating of 4.3 (high).
How can I find more information about CVE-2021-22128?
You can find more information about CVE-2021-22128 on the FortiGuard advisory page: https://fortiguard.com/advisory/FG-IR-20-235
- collector/nvd-index
- agent/severity
- agent/references
- agent/tags
- agent/event
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.2.9
- version/fortinet fortiproxy/2.0.0