Access Control missing in P&O module assignment vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-189 Final 1 1 2021-09-07T00:00:00 Current version 2021-09-07T00:00:00 2021-09-07T00:00:00 An improper authentication vulnerability [CWE-287] in FortiManager may allow a standard user to assign or un-assign a global policy package via a POST request to flatui/json module. Improper access control FortiManager 6.4.3 and below.FortiManager 6.2.6 and below. Upgrade to FortiManager 7.0.0 or above.Upgrade to FortiManager 6.4.4 or above.Upgrade to FortiManager 6.2.7 or above. CVE-2021-24017 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:H/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-189 Access Control missing in P&O module assignment vulnerability Reference>