CVE-2021-22128

Severity: 4.3 MEDIUM
EPSS: 0.2% (top 56.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 4, 2021; latest update May 24, 2022

Description

An improper access control vulnerability in the FortiProxy SSL VPN portal, versions 2.0.0 and 1.2.9 and below, may allow an authenticated remote attacker to reach internal services, such as the ZebOS shell on the FortiProxy appliance, through the Quick Connection functionality. The attacker needs a valid SSL VPN portal account (hence PR:L in the vector below); the weakness is that the portal's Quick Connection feature does not restrict which internal targets that account may connect to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 2.8 | Impact: 4.2

Note: under the CVSS v3.1 base formula these two sub-scores (2.8 + 4.2, rounded up) give a base score of 7.1 (HIGH), not the 4.3 (MEDIUM) listed above. A 4.3 base score with this exploitability requires A:N (Impact 1.4), so the vector string and the score shown on this page disagree; confirm against the NVD record before relying on either value.

Affected Packages (2 packages)

NVD: fortinet/fortiproxy, version 1.2.9 (+1 more)
CVEList V5: fortinet/fortinet_fortiproxy, FortiProxy 2.0.0, 1.2.9 and below
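An affected-version check for the range given above, added here as an example; it is not Fortinet's or cvebase.io's code. It encodes only what this page states (FortiProxy 2.0.0 is affected, as is 1.2.9 and anything below it) and deliberately reports other versions as "not listed as affected" rather than "fixed", because the page does not name the fixed releases. The inventory at the bottom is constructed sample data; the hostnames are assumptions.

```python
"""Affected-version triage for CVE-2021-22128 (added example, not the page's own code)."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Range taken from the advisory text on this page: 2.0.0, and 1.2.9 and below.
AFFECTED_EXACT = {(2, 0, 0)}
AFFECTED_AT_OR_BELOW = (1, 2, 9)


def parse_version(text: str) -> Optional[Version]:
    """Extract the first major.minor.patch triple from strings such as
    'FortiProxy 1.2.9'; returns None when no version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(text: str) -> Optional[bool]:
    """True if the version falls in the advisory's affected range, False if it
    is outside that range, None if the version string cannot be parsed.
    Tuple comparison keeps 1.2.10 above 1.2.9 (a plain string compare would not)."""
    v = parse_version(text)
    if v is None:
        return None
    if v in AFFECTED_EXACT:
        return True
    return v <= AFFECTED_AT_OR_BELOW


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to a human-readable status for reporting."""
    status = {}
    for host, version in inventory.items():
        hit = is_affected(version)
        if hit is None:
            status[host] = "unknown (unparseable version)"
        elif hit:
            status[host] = "affected"
        else:
            status[host] = "not listed as affected"
    return status


# Constructed sample inventory (not real hosts); the versions exercise each branch.
SAMPLE_INVENTORY = {
    "proxy-a": "FortiProxy 2.0.0",
    "proxy-b": "FortiProxy 2.0.1",
    "proxy-c": "FortiProxy 1.2.9",
    "proxy-d": "FortiProxy 1.2.10",
    "proxy-e": "FortiProxy 1.1.6",
    "proxy-f": "version not reported",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

The "1.2.9 and below" wording is read here as covering every version that sorts below 1.2.9, including older 1.x branches; if your inventory strings carry build numbers or suffixes, extend the regular expression before trusting the result.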

Vulnerability Details (2)

GHSA: GHSA-mm5g-p9fc-43hm, "An improper access control vulnerability in FortiProxy SSL VPN portal 2..." (2022-05-24)
CVEList: CVE-2021-22128, "An improper access control vulnerability in FortiProxy SSL VPN portal 2..." (2021-03-04)

Vendor Advisories (1)

Fortinet: "An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authe..." (2021-03-04)
Source: cvebase.io, CVE-2021-22128 (MEDIUM, CVSS 4.3)