Vulnerability Details CVE-2021-22128
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.7%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 4.0
References
Products affected by CVE-2021-22128
-
cpe:2.3:a:fortinet:fortiproxy:1.0.0
-
cpe:2.3:a:fortinet:fortiproxy:1.0.1
-
cpe:2.3:a:fortinet:fortiproxy:1.0.2
-
cpe:2.3:a:fortinet:fortiproxy:1.0.3
-
cpe:2.3:a:fortinet:fortiproxy:1.0.4
-
cpe:2.3:a:fortinet:fortiproxy:1.0.5
-
cpe:2.3:a:fortinet:fortiproxy:1.0.6
-
cpe:2.3:a:fortinet:fortiproxy:1.0.7
-
cpe:2.3:a:fortinet:fortiproxy:1.1.0
-
cpe:2.3:a:fortinet:fortiproxy:1.1.1
-
cpe:2.3:a:fortinet:fortiproxy:1.1.2
-
cpe:2.3:a:fortinet:fortiproxy:1.1.3
-
cpe:2.3:a:fortinet:fortiproxy:1.1.4
-
cpe:2.3:a:fortinet:fortiproxy:1.1.5
-
cpe:2.3:a:fortinet:fortiproxy:1.1.6
-
cpe:2.3:a:fortinet:fortiproxy:1.2.0
-
cpe:2.3:a:fortinet:fortiproxy:1.2.1
-
cpe:2.3:a:fortinet:fortiproxy:1.2.2
-
cpe:2.3:a:fortinet:fortiproxy:1.2.3
-
cpe:2.3:a:fortinet:fortiproxy:1.2.4
-
cpe:2.3:a:fortinet:fortiproxy:1.2.5
-
cpe:2.3:a:fortinet:fortiproxy:1.2.6
-
cpe:2.3:a:fortinet:fortiproxy:1.2.7
-
cpe:2.3:a:fortinet:fortiproxy:1.2.8
-
cpe:2.3:a:fortinet:fortiproxy:1.2.9
-
cpe:2.3:a:fortinet:fortiproxy:2.0.0