← back
CVE-2021-22128

CVE-2021-22128

CVSS 7.1 HIGHEPSS 1.0%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected products
Fortinet · Fortinet FortiProxy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-20-235