ID

VAR-202103-0560


CVE

CVE-2021-22128


TITLE

FortiProxy  Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-004234

DESCRIPTION

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. FortiProxy Contains an improper authentication vulnerability.Information may be obtained. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. There is a security vulnerability in FortiProxy SSL VPN, which allows attackers to exploit the vulnerability to obtain credentials of SSL VPN users

Trust: 1.71

sources: NVD: CVE-2021-22128 // JVNDB: JVNDB-2021-004234 // VULHUB: VHN-380537

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiproxyscope:lteversion:1.2.9

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:eqversion:2.0.0

Trust: 1.0

vendor:フォーティネットmodel:fortiproxyscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortiproxyscope:eqversion:2.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortiproxyscope:lteversion:1.2.9 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-004234 // NVD: CVE-2021-22128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22128
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-22128
value: HIGH

Trust: 1.0

NVD: CVE-2021-22128
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-324
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380537
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22128
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380537
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22128
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-22128
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-22128
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380537 // JVNDB: JVNDB-2021-004234 // CNNVD: CNNVD-202103-324 // NVD: CVE-2021-22128 // NVD: CVE-2021-22128

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004234 // NVD: CVE-2021-22128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-324

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-324

PATCH

title:FG-IR-20-235url:https://fortiguard.com/advisory/FG-IR-20-235

Trust: 0.8

title:Fortinet FortiProxy SSL VPN Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143734

Trust: 0.6

sources: JVNDB: JVNDB-2021-004234 // CNNVD: CNNVD-202103-324

EXTERNAL IDS

db:NVDid:CVE-2021-22128

Trust: 2.5

db:JVNDBid:JVNDB-2021-004234

Trust: 0.8

db:CNNVDid:CNNVD-202103-324

Trust: 0.7

db:AUSCERTid:ESB-2021.0775

Trust: 0.6

db:VULHUBid:VHN-380537

Trust: 0.1

sources: VULHUB: VHN-380537 // JVNDB: JVNDB-2021-004234 // CNNVD: CNNVD-202103-324 // NVD: CVE-2021-22128

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-235

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22128

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0775

Trust: 0.6

sources: VULHUB: VHN-380537 // JVNDB: JVNDB-2021-004234 // CNNVD: CNNVD-202103-324 // NVD: CVE-2021-22128

SOURCES

db:VULHUBid:VHN-380537
db:JVNDBid:JVNDB-2021-004234
db:CNNVDid:CNNVD-202103-324
db:NVDid:CVE-2021-22128

LAST UPDATE DATE

2024-08-14T13:44:56.814000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380537date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-004234date:2021-11-17T03:16:00
db:CNNVDid:CNNVD-202103-324date:2022-07-14T00:00:00
db:NVDid:CVE-2021-22128date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-380537date:2021-03-04T00:00:00
db:JVNDBid:JVNDB-2021-004234date:2021-11-17T00:00:00
db:CNNVDid:CNNVD-202103-324date:2021-03-04T00:00:00
db:NVDid:CVE-2021-22128date:2021-03-04T18:15:13.130