[FortiProxy] SSL-VPN Portal Internal Service Access Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-235 Final 1 1 2021-03-02T00:00:00 Current version 2021-03-02T00:00:00 2021-03-02T00:00:00 An improper access control vulnerability in FortiProxy SSL VPN portal may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. Improper access control FortiProxy version 2.0.0FortiProxy versions 1.2.9 and below.FortiProxy versions 1.1.6 and below.FortiProxy versions 1.0.7 and below. Please upgrade to FortiProxy versions 2.0.1 or above.Please upgrade to FortiProxy versions 1.2.10 or above. Internally discovered and reported by the Fortinet PSIRT Team. CVE-2021-22128 6.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-235 [FortiProxy] SSL-VPN Portal Internal Service Access Reference>