CVE-2021-22130 — Vulnetix

CVE-2021-22130 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.62% · 70.3th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.62%

70.3th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	*

Timeline

Jun 2, 2021 CVE Published
Jun 4, 2021 EPSS Score
Aug 6, 2021 EPSS Score
Oct 6, 2021 EPSS Score
Dec 6, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 5, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 6, 2022 EPSS Score
Jun 6, 2022 EPSS Score
Jun 13, 2022 PoC Published
Aug 7, 2022 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-21-002 advisory
https://www.fortiguard.com/psirt/FG-IR-20-049 advisory
https://www.fortiguard.com/psirt/FG-IR-20-231 advisory
https://www.fortiguard.com/psirt/FG-IR-21-006 advisory
https://www.fortiguard.com/psirt/FG-IR-18-157 advisory
https://www.fortiguard.com/psirt/FG-IR-21-001 advisory
https://www.fortiguard.com/psirt/FG-IR-20-233 advisory
https://www.fortiguard.com/psirt/FG-IR-20-147 advisory
https://www.fortiguard.com/psirt/FG-IR-21-018 advisory
https://www.fortiguard.com/psirt/FG-IR-20-137 advisory
https://www.fortiguard.com/psirt/FG-IR-20-120 advisory
https://www.fortiguard.com/psirt/FG-IR-20-199 advisory
https://www.fortiguard.com/psirt/FG-IR-21-026 advisory
https://fortiguard.com/advisory/FG-IR-18-389 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 url

Open in Interactive Console →