[FortiManager] A restricted admin can access SD-WAN ORCHESTRATOR panel Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-061 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. Improper access control FortiManager versions 6.4.0 to 6.4.3.FortiManager versions 6.2 and below are NOT impacted. Please upgrade to FortiManager version 6.4.4 or above.Please upgrade to FortiManager version 7.0.0 or above. Fortinet is pleased to thank Danilo Costa from Sigma Telecom for reporting this issue under responsible disclosure. CVE-2021-24006 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-061 [FortiManager] A restricted admin can access SD-WAN ORCHESTRATOR panel Reference>