PT-2021-5486 · Fortinet · FortiManager +1

Published: 2021-06-08 · Updated: 2021-09-21 · CVE-2021-32587

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiManager versions 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below
FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below

Description
An improper access control vulnerability in the GUI interface of FortiManager and FortiAnalyzer may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

Recommendations
For FortiManager versions 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below, consider restricting access to the GUI interface until a patch is available.
For FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below, consider restricting access to the GUI interface until a patch is available.
As a temporary workaround, consider disabling the feature that allows retrieval of administrative users of other ADOMs and their related configuration until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2021-06335
CVE-2021-32587

Affected Products

FortiAnalyzer
FortiManager