6.4.5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

fortinet

NVD

Published: 2021-11-02

Updated: 2022-06-28

Summary

An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortimanager 6.4.4 Fortinet Fortimanager 6.4.5	2

References

https://www.fortiguard.com/psirt?date=11-2021&risk=3
https://fortiguard.com/advisory/FG-IR-21-043