Description

An improper access control vulnerability in the FortiProxy SSL VPN portal, versions 2.0.0, 1.2.9 and below, may allow an authenticated, remote attacker to access internal services such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

PUBLISHED Reserved 2021-01-04 | Published 2021-03-04 | Updated 2024-10-25 | Assigner fortinet




HIGH: 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Problem types

Improper Access Control

Product status

FortiProxy 2.0.0, 1.2.9 and below
affected

References

fortiguard.com/advisory/FG-IR-20-235

cve.org (CVE-2021-22128)

nvd.nist.gov (CVE-2021-22128)
