PT-2021-14858 · Fortinet · Fortiproxy Ssl Vpn Portal

Published

2021-03-04

Updated

2022-07-12

CVE-2021-22128

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions FortiProxy SSL VPN portal versions 1.2.9 and below, version 2.0.0

Description The issue is related to improper access control, which may allow an authenticated, remote attacker to access internal services, such as the ZebOS Shell, through the Quick Connection functionality.

Recommendations For FortiProxy SSL VPN portal versions 1.2.9 and below, consider restricting access to the Quick Connection functionality until a fix is available. For version 2.0.0, consider restricting access to the Quick Connection functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-22128

Affected Products

Fortiproxy Ssl Vpn Portal

PT-2021-14858 · Fortinet · Fortiproxy Ssl Vpn Portal

CVE-2021-22128

Related Identifiers

Affected Products

References · 3