PT-2021-16956 · Fortinet · Fortimanager
Published: 2021-11-02 · Updated: 2021-11-03
CVE-2021-26107
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
FortiManager versions 6.4.4 and 6.4.5
Description
An improper access control issue allows an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
Recommendations
For FortiManager versions 6.4.4 and 6.4.5, consider restricting access to the VPN Manager to prevent unauthorized modification of VPN tunnel status until a patch is available.
As a temporary workaround, limit the privileges of restricted user profiles to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Fortimanager