CVE-2021-22128
PUBLISHED
CVSS 7.1 HIGH
An improper access control vulnerability in FortiProxy SSL VPN portal versions 2.0.0, 1.2.9 and below may allow an authenticated, remote attacker to access internal services such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
EPSS 0.21% · 43.8th percentile
Risk Scores
CVSS 3.1
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS Score
0.21%
43.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiProxy | FortiProxy 2.0.0, 1.2.9 and below |
| fortinet | fortiproxy | 0, 2.0.0 |
Exploit Intelligence
Timeline
- Mar 4, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://fortiguard.com/advisory/FG-IR-20-235 url
- https://www.fortiguard.com/psirt/FG-IR-20-235 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-230 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-236 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-224 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-22128 advisory