FortiProxy SSL-VPN Improper Access Control vulnerability through the Quick connection functionality


An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

Affected Products

FortiProxy version 2.0.0
FortiProxy versions 1.2.9 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.


Please upgrade to FortiProxy versions 2.0.1 or above. Please upgrade to FortiProxy versions 1.2.10 or above.


Internally discovered and reported by the Fortinet PSIRT Team.