Описание
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.9 (включая)
Одно из
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00372
Низкий
7.1 High
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
EPSS
Процентиль: 58%
0.00372
Низкий
7.1 High
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other