CVE-2021-26107
published 2021-11-02CVE-2021-26107: An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortinet_fortimanager | — | — |