CVE-2021-22128 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-22128 PUBLISHED CVSS 7.099999904632568 HIGH

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

EPSS 0.21% · 43.6th percentile

Risk Scores

CVSS v3.1

7.099999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

EPSS Score

0.21%

43.6th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiProxy	FortiProxy 2.0.0, 1.2.9 and below
fortinet	fortiproxy	0, 2.0.0

Timeline

Mar 4, 2021 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://fortiguard.com/advisory/FG-IR-20-235 url
https://www.fortiguard.com/psirt/FG-IR-20-235 advisory
https://www.fortiguard.com/psirt/FG-IR-20-230 advisory
https://www.fortiguard.com/psirt/FG-IR-20-236 advisory
https://www.fortiguard.com/psirt/FG-IR-20-224 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-22128 advisory

Open in Interactive Console →