CVE-2021-24006
Published 2021-09-06
Severity: high, 8.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.4.0 < 6.4.4 | 6.4.4 |
| fortinet | fortinet_fortimanager | — | — |