VYPR
Unrated severityNVD Advisory· Published Mar 4, 2021· Updated Oct 25, 2024

CVE-2021-22128

CVE-2021-22128

Description

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

Affected products

2
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    2.0.0, <=1.2.9+ 1 more
    • (no CPE)range: 2.0.0, <=1.2.9
    • (no CPE)range: FortiProxy 2.0.0, 1.2.9 and below

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.