FortiProxy SSL-VPN —Security Vulnerability Update

Home/Security Update/FortiProxy SSL-VPN —Security Vulnerability Update

FortiProxy SSL-VPN —Security Vulnerability Update

Fortinet released security fix for the vulnerability — Security ByPass

CVE-2021-22128 — FortiProxy SSL VPN

FortiProxy — a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques.

Techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention and advanced threat protection.

However, Fortinet PSIRT Team discovered a security bypass vulnerability was found in Fortinet FortiProxy SSL VPN.

Vulnerability Description:

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

However, Successful exploitation can enable an attacker to access internal service.

Affected Products

Here the vulnerable FortiProxy version are:

  • v2.0.0
  • v1.2.9 and below
  • v1.1.6 and below
  • v1.0.7 and below

Severity

Also, the vulnerability is considered as MEDIUM severity with below base score:

CVSSv3 Score6.9

Solutions

According to Fortinet PSIRT Team, recommended to upgrade FortiProxy to

  • versions 2.0.1 or above
  • versions 1.2.10 or above.

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2021-03-12T09:25:09+05:30 March 12th, 2021|Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!