PSIRT Advisories

FortiManager - Improper Inter ADOM access control

Summary

An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

Affected Products

FortiManager versions 6.4.4 and 6.4.5.

Please note that FortiManager versions 6.4.3 and below are NOT impacted by this issue.

Solutions

Please upgrade to FortiManager version 6.4.6 or above.
Please upgrade to FortiManager version 7.0.0 or above.