Vulnerabilities > CVE-2021-26107 - Incorrect Authorization vulnerability in Fortinet Fortimanager 6.4.4/6.4.5

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
fortinet
CWE-863

Summary

An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

Vulnerable Configurations

Part Description Count
Application
Fortinet
2

Common Weakness Enumeration (CWE)