An improper access control vulnerability in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directlyÂ visiting its URL.
FortiManager versions 6.4.0 to 6.4.3.
FortiManager versions 6.2 and below are NOT impacted.
Please upgrade to FortiManager version 6.4.4 or above.
Please upgrade to FortiManager version 7.0.0 or above.