CVE-2021-22128

EPSS 0.39%
Published 04.03.2021 18:15:13
Last modified 21.11.2024 05:49:33
Source psirt@fortinet.com
Teams watchlist Login
Open Login

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Fortiproxy Version <= 1.2.9

Fortinet ≫ Fortiproxy Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.567

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@fortinet.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

https://fortiguard.com/advisory/FG-IR-20-235

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22128

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22128

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22128

EUVD