Insecure communication between DC agent and Collector Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-191 Final 1 1 2021-07-07T00:00:00 Current version 2021-07-07T00:00:00 2021-07-07T00:00:00 An improper authentication vulnerability [CWE-287] in FSSO Collector may allow an unauthenticated user to bypass any firewall authentication rule and access the protected network via sending specifically crafted UDP login notification packets. Improper access control Any FSSO DC Agent and Collector released with FOS 7.0.0 or below is impacted.Any FSSO DC Agent and Collector released with FOS 6.4.5 or below is impacted. Upgrade the FSSO DC Agent and Collector with any version released with FOS 7.0.1 or above.Upgrade the FSSO DC Agent and Collector with any version released with FOS 6.4.6 or above. Fortinet is pleased to thank Jerome Dupuis for reporting this issue under responsible disclosure. CVE-2021-26088 6.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-191 Insecure communication between DC agent and Collector Reference>