PT-2021-7569 · Fortinet · FortiManager

Published: 2021-08-03 · Updated: 2021-09-10 · CVE-2021-24006

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4.0 through 6.4.3

Description: The issue is caused by improper access control in FortiManager. An authenticated attacker with a restricted user profile may reach the SD-WAN Orchestrator panel by requesting its URL directly, even though the panel is not offered to that profile in the interface. This could allow a remote attacker to disclose protected information.

Recommendations: For FortiManager versions 6.4.0 through 6.4.3, consider restricting access to the SD-WAN Orchestrator panel until a patch is available. As a temporary workaround, limit the ability of restricted user profiles to directly visit the SD-WAN Orchestrator panel's URL.
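The weakness described above is the general pattern of a privileged page that is only hidden from the navigation menu, while the server still renders it for any authenticated session that requests the path directly. The following added example (constructed for this page, not FortiManager code; all route names, permission names and user profiles are assumptions) models that pattern beside its fix: a handler that relies on the menu for gating, and a handler that decides authorization server-side on every request, denies by default, and records denials so that a restricted profile probing a privileged URL is visible in logs.

```python
"""Server-side authorization per route: a model of the forced-browsing flaw
class and its fix. Constructed example, not vendor code; the route table,
permission names and user profiles below are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class User:
    name: str
    permissions: Set[str] = field(default_factory=set)


@dataclass
class Response:
    status: int
    body: str


# Assumed route table: path -> permission required to view that page.
ROUTE_PERMISSIONS: Dict[str, str] = {
    "/dashboard": "view_dashboard",
    "/sdwan-orchestrator": "manage_sdwan",  # hypothetical panel path
}

# Constructed audit sink; a real deployment would write to syslog/SIEM.
AUDIT_LOG: List[str] = []


def render_page(path: str) -> Response:
    """Stand-in for rendering the requested panel."""
    return Response(200, f"contents of {path}")


def menu_for(user: User) -> List[str]:
    """Navigation menu: lists only pages the user is allowed to see.
    This is UI hiding only; it enforces nothing on the server side."""
    return sorted(p for p, perm in ROUTE_PERMISSIONS.items()
                  if perm in user.permissions)


def handle_weak(user: Optional[User], path: str) -> Response:
    """Flawed handler: once the session is authenticated, any known path
    is rendered. The menu hides the link, but a direct request succeeds."""
    if user is None:
        return Response(401, "login required")
    if path not in ROUTE_PERMISSIONS:
        return Response(404, "not found")
    return render_page(path)


def handle_fixed(user: Optional[User], path: str) -> Response:
    """Hardened handler: authorization is checked on every request against
    the route table, unknown paths and missing permissions are denied, and
    each denial is logged for detection."""
    if user is None:
        return Response(401, "login required")
    required = ROUTE_PERMISSIONS.get(path)
    if required is None:
        return Response(404, "not found")
    if required not in user.permissions:
        AUDIT_LOG.append(f"DENY user={user.name} path={path} needs={required}")
        return Response(403, "forbidden")
    return render_page(path)


if __name__ == "__main__":
    restricted = User("restricted", {"view_dashboard"})
    print("menu for restricted profile:", menu_for(restricted))
    print("weak handler, direct URL:", handle_weak(restricted, "/sdwan-orchestrator"))
    print("fixed handler, direct URL:", handle_fixed(restricted, "/sdwan-orchestrator"))
    print("audit log:", AUDIT_LOG)
```

The point to carry over to a real system is the shape of `handle_fixed`: the permission check is attached to the route on the server, not to the presence of a link in the UI, and a 403 with an audit entry is the observable signal defenders can alert on while a patch is pending.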

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2023-00092
CVE-2021-24006

Affected Products

FortiManager