CVE Vulnerabilities

CVE-2021-22128

Published: Mar 04, 2021 | Modified: Jul 12, 2022
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

Affected Software

Name Vendor Start Version End Version
Fortiproxy Fortinet * 1.2.9 (including)
Fortiproxy Fortinet 2.0.0 (including) 2.0.0 (including)

References