Main Vulnerability Database Vulnerabilities #VU51224

#VU51224 Improper access control in FortiProxy - CVE-2021-22128

Published: March 4, 2021

Vulnerability identifier: #VU51224

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-22128

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiProxy

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted resources.

The vulnerability exists due to improper access restrictions within the Quick connection functionality implementation. A remote authenticated user can bypass implemented security restrictions and access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality

Remediation

Install updates from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-20-235

#VU51224 Improper access control in FortiProxy - CVE-2021-22128

Description

Remediation

External links

Please verify you're human